CVE Vulnerabilities - 20 February 2026

391 vulnerabilities published on 20 February 2026

Vanquish User Extra Fields allows hackers to steal user data via email
CVE-2025-67991
A security issue in Vanquish User Extra Fields plugin for WordPress allows hackers to steal sensitive user information by sending a malicious email. This affects users who have installed the plugin ve...
7.1
GMap Targeting Reflected Cross-Site Scripting in RealMag777 GMap Targeting
CVE-2025-67990
An attacker can inject malicious code into GMap Targeting, potentially stealing user data or taking control of a user's account. This affects GMap Targeting versions up to 1.1.7, so update to a fixed ...
7.1
NPS computy Cross-site Scripting allows malicious code execution
CVE-2025-67984
A security issue in NPS computy versions up to 2.8.2 allows hackers to inject malicious code into web pages, potentially stealing user data or taking control of user sessions. This issue can be exploi...
7.1
Educare Cross-Site Scripting Can Happen When You Visit a Malicious Link
CVE-2025-67978
Using FixBD Educare version 1.6.1 or earlier, attackers can trick you into visiting a fake link that can steal your data or take control of your account. This is a risk because it can lead to unauthor...
7.1
Fox-Themes Prague Plugins Allow Malicious Code to Run on Websites
CVE-2025-67972
A security issue in Fox-Themes Prague plugins makes it possible for attackers to inject malicious code into websites that use the plugin. If you have this plugin installed, an attacker could potential...
7.1
FluentCart: Unsecured Input Can Steal User Data
CVE-2025-67971
FluentCart, a plugin for WordPress, has a security flaw that allows hackers to steal user data or take control of user sessions. This affects versions of FluentCart before 1.3.0. To stay safe, update ...
7.1
WP Wizard Cloak: Malicious Code Can Be Injected via Reflected Attack
CVE-2025-53237
The WP Wizard Cloak plugin for WordPress is vulnerable to a security issue that could allow hackers to inject malicious code into web pages. This could potentially harm users who interact with affecte...
7.1
RylanH Storyform: Malicious Code Can Run on Your Website
CVE-2025-53233
A security issue in RylanH Storyform could let hackers inject malicious code into your website. This could happen if a user clicks on a link or visits a website that contains malicious code. To avoid ...
7.1
Easy Taxonomy Images: Malicious Code Can Be Injected into Your Website
CVE-2025-53231
A security issue in Easy Taxonomy Images allows hackers to inject malicious code into your website, potentially allowing them to steal user data or take control of your site. If you're using Easy Taxo...
7.1
Jezza101 bbpress Simple Advert Units allows malicious scripts to run on your website
CVE-2025-53228
A security issue in Jezza101 bbpress Simple Advert Units plugin allows hackers to inject malicious scripts into your website, potentially causing harm to your visitors. This affects versions 0.42 and ...
7.1
Node.js Tar Extracts Files Outside Its Safe Area
DEBIAN-CVE-2026-26960
Versions of Node.js Tar below 7.5.8 may allow an attacker to read or write arbitrary files on the system. This happens when a malicious archive is extracted, allowing the attacker to access files outs...
7.1
TensorFlow's HDF5 Library Lets Local Attackers Take Over the Computer
CVE-2026-2492
A vulnerability in TensorFlow's HDF5 library allows attackers who already have some access to the computer to gain even more access and run unauthorized code. This is a risk because it could allow mal...
7.0
Deciso OPNsense diag_backup PHP File Allows Network Attackers to Run Code
CVE-2026-2035
If not updated, attackers on the same network can use a specific file to run malicious code on your Deciso OPNsense system, even if they don't have a login. This can lead to unauthorized changes or da...
6.8
Sricam DeviceViewer Password Change Bypass Allows Unauthorized Password Changes
CVE-2019-25436
A security issue in Sricam DeviceViewer 3.12.0.1 allows anyone who has logged in to change passwords without needing to know the current password. This could allow an attacker to gain control of the a...
5.1
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse...
CVE-2026-2850
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\sr...
5.3
Simple File List: Malicious Files Can Be Accessible on Your Server
CVE-2026-24953
A security issue in Simple File List allows hackers to access files they shouldn't be able to access on your server. This puts sensitive information at risk. Update to the latest version of Simple Fil...
6.5
WooCommerce Print Invoice & Delivery Notes Missing Access Control
CVE-2026-24946
A security weakness in the WooCommerce plugin Print Invoice & Delivery Notes allows hackers to access sensitive information if access controls are not set up correctly. This plugin, which helps manage...
6.5
Subscribe2: Unrestricted Access to Subscription Management
CVE-2026-24944
A security issue exists in Subscribe2, a plugin for managing email subscriptions. If not configured correctly, this could allow unauthorized users to access or modify subscription settings. Update to ...
6.5
WP FullCalendar allows unauthorized access to events
CVE-2026-22351
Some events in WP FullCalendar may be visible to users who shouldn't see them. This is because the security settings weren't properly configured. To fix this, update to the latest version of WP FullCa...
6.5
Elementor Forms PDF Generator Can Be Used by Unauthorized Users
CVE-2026-22350
The PDF generator for Elementor Forms may allow anyone to access and modify sensitive information if the security settings are not properly configured. This affects the PDF for Elementor Forms + Drag ...
6.5
Cliengo Chatbot Allows Unauthorized Access with Incorrect Security Settings
CVE-2025-69388
A security issue in Cliengo Chatbot allows someone with incorrect permissions to access areas they shouldn't. This affects older versions of Cliengo Chatbot, including version 3.0.4 and below. To stay...
6.5
AgniHD Cartify - WooCommerce Theme: Unauthorized Access to Cart Functions
CVE-2025-69385
The AgniHD Cartify - WooCommerce Gutenberg WordPress Theme has a security weakness that could allow unauthorized users to access and manipulate cart functions, potentially leading to financial loss an...
6.5
WPKube Cool Tag Cloud Allows Malicious Code to be Stored
CVE-2025-69011
A security issue in WPKube Cool Tag Cloud allows attackers to store malicious code on a website, which can be executed by visitors. This could lead to unauthorized actions, such as stealing user data ...
6.5
AhaChat Messenger Marketing: Passwords Can Be Recovered Without Permission
CVE-2025-68895
A security issue exists in AhaChat Messenger Marketing, a software used for marketing. If not addressed, attackers could potentially recover passwords without the user's consent, potentially leading t...
6.5
ELEX WordPress HelpDesk & Customer Ticketing System Security Risk: Unauthorized Access
CVE-2025-68837
The ELEX WordPress HelpDesk & Customer Ticketing System has a security weakness that makes it possible for unauthorized users to access sensitive areas of the system. This is because the system's acce...
6.5