CVE Vulnerabilities - 19 February 2026

391 vulnerabilities published on 19 February 2026

FormaLMS Password Recovery Exposes Registered Usernames
CVE-2026-26744
FormaLMS versions 4.1.18 and below allow attackers to discover valid usernames by analyzing error messages returned when attempting to recover passwords. This can be exploited by malicious individuals...
5.3
SeedProd Coming Soon Page Has Weak Access Controls
CVE-2026-27368
A security weakness in SeedProd's Coming Soon Page and Under Construction & Maintenance Mode makes it possible for unauthorized users to access restricted areas. This affects versions of the plugin up...
5.3
DevsBlink EduBlink Missing Authorization Allows Unauthorized Access
CVE-2026-27328
A security issue in DevsBlink EduBlink lets attackers access parts of the system they shouldn't. This affects EduBlink software versions up to 2.0.7. To stay secure, update to the latest version of Ed...
5.3
Werkzeug's safe_join function allows malicious Windows filenames
CVE-2026-27199 GHSA-29vq-49wr-vm6x
Werkzeug's safe_join function allows attackers to trick the application into serving files with Windows device names as filenames. This can cause the application to hang indefinitely if the requested ...
6.3
Feathers exposes internal headers via unencrypted cookie
CVE-2026-27193 GHSA-9m9c-vpv5-9g85
Feathers, an authentication service, stores sensitive internal headers in an unencrypted cookie, potentially exposing internal infrastructure details like API keys and IP addresses. This could happen ...
8.2
Vercel Adapter Cache Hacked by Attacker-Controlled Links
CVE-2026-27118 GHSA-9pq4-5hcf-288c
An outdated version of the Vercel adapter for Svelte can store sensitive user data in cache, which can be exploited by attackers if a user visits a malicious link with them logged in. To fix this, upd...
5.3
changedetection.io Tool Allows Unauthorized Access to Source Code
CVE-2026-25527
Versions of the changedetection.io tool prior to 0.53.2 allow attackers to access sensitive application source files, potentially exposing proprietary code. This is a security risk because it could al...
5.3
WorkTime On-prem Database Configuration Reset via Unauthenticated HTTP Request
CVE-2025-15563
An attacker can reset the WorkTime database configuration without a password, which could disrupt business operations and compromise sensitive data. This vulnerability affects the WorkTime on-prem ser...
5.3
Sonaar MP3 Audio Player Plugin Leaks Private Posts
CVE-2026-1219
The Sonaar MP3 Audio Player plugin for WordPress has a security issue where attackers can see private posts without permission. This is a problem because sensitive information might be exposed. Update...
5.3
WooCommerce Live Sales Notifications: Unauthorized Access to Sales Data
CVE-2026-27066
A bug in WooCommerce Live Sales Notifications software allows unauthorized users to access sales data if the security settings are not properly configured. This affects versions 1 through 2.3.46 of th...
5.3
NotificationX: Unrestricted Access to Restricted Functions
CVE-2026-27042
The NotificationX plugin for WordPress has an issue where users with incorrect access levels can do things they shouldn't be able to do. This could lead to sensitive data being accessed or modified. T...
5.3
LeadConnector allows unauthorized access if access control is misconfigured
CVE-2026-25441
A security issue in LeadConnector versions up to 3.0.21 allows users with incorrect access levels to access areas they shouldn't. This could allow unauthorized access to sensitive data or functions. U...
5.3
WPBookit Pro: Insecure Access Control Lets Hackers Access Sensitive Data
CVE-2026-25415
If the access control settings are not properly configured in WPBookit Pro, an attacker could access sensitive information or perform actions they shouldn't be able to. This is a concern for websites ...
5.3
Broken Link Notifier Plugin Security Risk - Unauthorized Access Possible
CVE-2026-25408
A security flaw in the Broken Link Notifier plugin makes it possible for unauthorized users to access certain features. This issue affects versions of the plugin up to 1.3.5. To fix the issue, update ...
5.3
WP Job Manager: Insecure Access Control Risks Unauthorized Actions
CVE-2026-25404
WP Job Manager, a popular plugin for WordPress job postings, has a security flaw that allows unauthorized users to perform actions they shouldn't be able to. This means that if your site is using an o...
5.3
EventPrime Calendar Management Exposes Sensitive System Data
CVE-2026-25389
A security weakness in EventPrime's calendar management system allows unauthorized users to access sensitive system information. This affects all versions of EventPrime up to 4.2.8.3, which means that...
5.3
Elementor Ally: Unauthorized Access to Configuration
CVE-2026-25386
An issue in Elementor Ally's configuration settings allows unauthorized access to certain features. This affects Elementor Ally versions 4.0.2 and earlier. To fix this, update to the latest version of...
5.3
WP-Lister Lite for eBay: Unauthorized Access to Configuration
CVE-2026-25384
The WP-Lister Lite for eBay plugin has a security issue that could allow unauthorized access to its settings. This plugin is used by eBay sellers, and if not configured correctly, it could let someone...
5.3
Spa and Salon: Unauthorized Access to Administrator Settings
CVE-2026-25374
A security issue in Spa and Salon software allows unauthorized users to access administrator settings, potentially leading to unauthorized changes or data manipulation. This affects versions up to 1.3...
5.3
WP Compress: Unauthorized Access to Image Optimization Settings
CVE-2026-25370
A security weakness in WP Compress allows an attacker to access and potentially modify image optimization settings if the plugin's access control is not properly set up. This affects versions of WP Co...
5.3
CitiLights Theme: Unauthorized Access to Sensitive Data
CVE-2026-25367
A security weakness in the CitiLights theme allows unauthorized access to sensitive data if access control settings are not properly configured. This affects versions of CitiLights up to 3.7.2. To sta...
5.3
Unsecured Client Invoicing in Sprout Invoices
CVE-2026-25364
An unauthorized user can access and manipulate client invoices in Sprout Invoices if access control settings are not properly configured. This can lead to sensitive information being exposed or tamper...
5.3
Download Alt Text AI: Unsecured Access to Sensitive Features
CVE-2026-25348
A security issue in Download Alt Text AI allows unauthorized access to features. This affects version 1.10.15 and earlier. Users should update to a fixed version to prevent unauthorized access.
5.3
Ays Pro ChatBot Allows Unauthorized Access with Incorrect Security Settings
CVE-2026-25338
Ays Pro AI ChatBot with ChatGPT and Content Generator has a security flaw that lets an attacker access restricted areas if the security settings are not properly configured. This affects versions of t...
5.3
Coachify Missing Authorization: Unauthorized users can access sensitive data
CVE-2026-25336
A security issue in Coachify versions up to 1.1.5 allows unauthorized users to access sensitive data. This affects the security of your Coachify installation. Update to the latest version (1.1.6 or hi...
5.3