CVE Vulnerabilities - 19 February 2026

A security issue in Melapress WP Activity Log version 5.5.4 and earlier allows an attacker to inject malicious code into a website, potentially allowing them to steal user data or take control of the ...

A security issue in the XStore Core plugin allows attackers to inject malicious code onto your website through user input. This could potentially allow them to steal sensitive information or take cont...

XStore versions 9.6.4 and earlier may allow an attacker to inject malicious code into a website, potentially stealing user data or taking control of the site. This issue can be exploited by a hacker w...

A security issue in Aruba HiSpeed Cache means that if the access control settings are not properly configured, attackers might be able to access sensitive data they shouldn't have access to. This affe...

An unknown code issue in CoCoTeaNet CyreneAdmin's System Info Endpoint could allow unauthorized access. This could happen if an attacker sends a specific request to the /api/system/dashboard/getCount ...

An attacker can access unauthorized files on your server by manipulating a specific request to the CyreneAdmin image handler. This could potentially allow unauthorized access to sensitive information....

The Shield Security plugin for WordPress has a security weakness that lets hackers trick site administrators into revealing sensitive information. This is a risk because it allows hackers to steal sen...

The Two Factor Authentication via Email plugin for WordPress has a security flaw that allows attackers to bypass the two-factor authentication process. This means that hackers can access accounts with...

The Aruba HiSpeed Cache plugin for WordPress has a security issue that allows anyone to change its settings and enable/disable features without needing a password. This could lead to unintended change...

SPIP, a content management system, has a security flaw that allows an attacker to inject malicious code into the system. An attacker can exploit this vulnerability by setting a malicious link in a syn...

A security flaw in the CDATA FD614GS3-R850 software allows an attacker to potentially take control of the system by sending specific input to certain parameters. This could lead to unauthorized change...

The Dealia – Request a Quote plugin for WordPress is open to a security risk that allows attackers to inject malicious code into pages. This can happen when a user with contributor-level access or abo...

A bug in Smart Auto Upload Images allows an attacker to send malicious requests to servers on the internet, potentially causing harm to those systems. This affects versions 1.2.2 and earlier. Update t...

The Advance Block Extend plugin for WordPress contains a security flaw that allows attackers with Contributor-level access or above to inject malicious scripts on certain pages. This could lead to una...

The Easy Author Image plugin for WordPress is vulnerable to attacks that can inject malicious code into user profiles. This can happen when an authenticated user with limited access uploads a maliciou...

The XO Event Calendar plugin for WordPress has a security flaw that allows hackers to inject malicious scripts into websites. This could allow them to take control of a website or steal sensitive info...

The Groups plugin for WordPress has a security flaw that lets attackers inject malicious code on certain pages. This can harm users who visit those pages. Update to a newer version of the plugin to fi...

A security flaw in the WordPress Font Awesome Field plugin makes it possible for hackers to inject malicious code into website visitors' browsers. This can happen if a website is using an outdated ver...

A security flaw in the YaMaps for WordPress plugin allows attackers with contributor-level access to inject malicious scripts on any page, which can be executed when users visit those pages. This can ...

Attackers can inject malicious scripts into WordPress pages if they have author access or higher. This can happen when a user accesses a page with the injected script. It's recommended to update to th...

The Easy Table of Contents plugin for WordPress is vulnerable to a security flaw that allows attackers to inject malicious scripts into pages. This could allow attackers to take control of a website, ...

The s2Member plugin for WordPress can be exploited by attackers with Contributor-level access to inject malicious code into pages, which can be executed when users visit those pages. This can lead to ...

The Apollo13 Framework Extensions plugin for WordPress has a security flaw that allows attackers with Contributor-level access to inject malicious code into certain pages. This could be used to harm u...

The Album and Image Gallery plugin for WordPress allows attackers with contributor-level access or higher to inject malicious scripts into web pages, which can then be executed by users who visit thos...

The StatCounter plugin for WordPress has a security flaw that allows attackers to inject malicious scripts into your website, potentially harming visitors. This can happen if an attacker has contribut...