CVE tracker
@CVEtracker
282 subscribers
3.69K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
About
Blog
Apps
Platform
Join
CVE tracker
282 subscribers
CVE tracker
CVE-2026-3999 - Apache HTTP Server Privilege Escalation Vulnerability

CVE ID :CVE-2026-3999
Published : March 13, 2026, 10:23 a.m. | 1 hour, 39 minutes ago
Description :A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-3873 - Avantra Hard-coded Credentials Authentication Bypass

CVE ID :CVE-2026-3873
Published : March 13, 2026, 10:23 a.m. | 1 hour, 39 minutes ago
Description :Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
5 views
CVE tracker
CVE-2026-32447 - Atarim Visual Collaboration Missing Authorization Vulnerability

CVE ID :CVE-2026-32447
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32446 - WPForms Lite Missing Authorization Vulnerability

CVE ID :CVE-2026-32446
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32448 - Podlove Podcast Publisher Cross-site Scripting Vulnerability

CVE ID :CVE-2026-32448
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32449 - Themifyme Themify Event Post Stored Cross-site Scripting

CVE ID :CVE-2026-32449
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32450 - RealMag777 Active Products Tables for WooCommerce Cross-site Scripting

CVE ID :CVE-2026-32450
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32451 - ThemeFusion Fusion Builder Missing Authorization Vulnerability

CVE ID :CVE-2026-32451
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32452 - ThemeFusion Fusion Builder Missing Authorization Vulnerability

CVE ID :CVE-2026-32452
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32453 - Avada Core Missing Authorization Vulnerability

CVE ID :CVE-2026-32453
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32454 - Avada ThemeFusion Cross-site Scripting (XSS)

CVE ID :CVE-2026-32454
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32455 - RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter Cross-site Scripting

CVE ID :CVE-2026-32455
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32457 - Wombat Plugins WooCommerce Advanced Product Fields Missing Authorization Vulnerability

CVE ID :CVE-2026-32457
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
2 views
CVE tracker
CVE-2026-32456 - Admin Menu Editor CSRF Vulnerability

CVE ID :CVE-2026-32456
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32458 - RealMag777 WOLF SQL Injection

CVE ID :CVE-2026-32458
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32459 - Flycart UpsellWP SQL Injection

CVE ID :CVE-2026-32459
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32460 - Themefic Ultimate Addons for Contact Form 7 Cross-Site Scripting (XSS)

CVE ID :CVE-2026-32460
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32462 - Liton Arefin Master Addons for Elementor Cross-site Scripting

CVE ID :CVE-2026-32462
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32461 - Really Simple SSL Missing Authorization Vulnerability

CVE ID :CVE-2026-32461
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
2 views
CVE tracker
CVE-2026-32486 - Wptravelengine Travel Booking Missing Authorization Vulnerability

CVE ID :CVE-2026-32486
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views
CVE tracker
CVE-2026-32487 - Raratheme Lawyer Landing Page Missing Authorization Vulnerability

CVE ID :CVE-2026-32487
Published : March 13, 2026, 12:22 p.m. | 3 hours, 41 minutes ago
Description :Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
3 views