CVE Vulnerabilities - 19 February 2026

Shopwell's access control settings are not properly configured, allowing unauthorized access to sensitive data. This means that users may be able to view or modify data they shouldn't have access to. ...

The Endless Posts Navigation software has a flaw that could allow unauthorized access to certain features. This means someone might be able to do things they shouldn't be able to do, like accessing se...

An issue in the rtMedia plugin for WordPress and BuddyPress allows unauthorized access to sensitive data. This affects versions up to 4.7.8. To stay secure, update the rtMedia plugin to the latest ver...

A security flaw in Quiz And Survey Master allows an attacker to access quiz data they shouldn't be able to see. This is a problem because it could allow someone to view sensitive information they shou...

A weakness in SupportCandy's access control allows attackers to access sensitive areas without permission. This affects SupportCandy versions up to 3.4.4. To protect your data, update to the latest ve...

An issue with Elementor Contact Form DB allows attackers to access and potentially steal sensitive data. If not addressed, this could lead to unauthorized access and data breaches. Update to version 2...

A security issue in hCaptcha for WordPress allows attackers to exploit weak access controls. This affects versions of hCaptcha for WordPress from version 1 to 4.22.0. To protect your site, update to t...

A security issue in XStore shopping cart software allows hackers to inject malicious code into a website, potentially stealing or manipulating customer data. This affects XStore versions up to 9.6.4, ...

A security issue in the N-Media Frontend File Manager could allow users to access files they shouldn't have access to if access controls are not set up correctly. This affects a version of the N-Media...

The Kraft Plugins Wheel of Life software does not properly control access to its features, which could allow an attacker to access data or perform actions they shouldn't. This is a serious issue becau...

A security issue in Alma Gateway for WooCommerce allows unauthorized users to access customer data if access control settings are not properly configured. This can lead to sensitive information being ...

A security flaw in Ultimate Gift Cards For WooCommerce allows unauthorized users to access gift cards if access control settings are misconfigured. This can lead to users being able to redeem or modif...

A security weakness in DirectoryPress allows attackers to access sensitive areas of your website if access controls are not set up correctly. This affects versions of DirectoryPress up to 3.6.25. To s...

A security flaw in WPDeveloper's Essential Addons for Elementor plugin allows attackers to access sensitive settings if access control is not properly configured. This issue affects older versions of ...

A security issue in Everest Forms allows attackers to inject malicious code into web pages, potentially allowing them to steal user data or take control of the site. This issue affects all versions of...

The blst library has a vulnerability that can cause a critical error if a program using it is given a special kind of input. This could potentially lead to a program crash, which would make the system...

The Mega Store Woocommerce theme has a security flaw that lets authorized users with limited access create or modify site pages and settings. This is a concern because it could be exploited by attacke...

The Razorpay for WooCommerce plugin on WordPress has a security flaw that allows anyone to change the email and phone number on any order without permission. This is a risk because attackers could use...

An attacker can delete attachments associated with guest orders without being authorized. This is a concern for online stores using the WooCommerce plugin. To fix, update to version 7.8.6 or later, or...

The Breeze WordPress plugin has a security flaw that lets anyone clear your website's cache without permission. This means that an attacker could make your website seem broken or show incorrect inform...

The Breadcrumb NavXT plugin for WordPress allows unauthorized access to sensitive post information. This can happen if an attacker manipulates a specific parameter in the URL. To protect your site, up...

The accessiBe plugin for WordPress exposes sensitive information, such as email addresses and license details, to anyone who views the website's browser console. This could lead to unauthorized access...

A security flaw in the WordPress Popup Builder plugin allows hackers to remove people from email lists without permission. This can happen if the attacker knows the person's email address. To protect ...

The WooCommerce Checkout Manager plugin, used with WordPress, has a security flaw that lets attackers upload files to the server without needing a login. This means an attacker could potentially uploa...

A bug in QEMU can cause sensitive data to be leaked or the program to crash if it's given a specially crafted virtual disk image. This could potentially expose confidential information. Update QEMU to...