Export limit exceeded: 346836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25465 | 2 Codepeople, Wordpress | 2 Cp Multi View Event Calendar, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.36. | ||||
| CVE-2026-25469 | 2 Viabill For Woocommerce, Wordpress | 2 Viabill – Woocommerce, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through <= 1.1.53. | ||||
| CVE-2026-27095 | 2 Mage-people, Wordpress | 2 Bus Ticket Booking With Seat Reservation, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.6.0. | ||||
| CVE-2026-27044 | 2 Totalsuite, Wordpress | 2 Total Poll Lite, Wordpress | 2026-04-24 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0. | ||||
| CVE-2026-27045 | 2 Sbthemes, Wordpress | 2 Woocommerce Infinite Scroll, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through <= 1.6.2. | ||||
| CVE-2026-27051 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2026-04-24 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0. | ||||
| CVE-2026-27076 | 2 Mikado-themes, Wordpress | 2 Luxedrive, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through <= 1.0. | ||||
| CVE-2026-27078 | 2 Mikado-themes, Wordpress | 2 Emaurri, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1. | ||||
| CVE-2026-27079 | 2 Mikado-themes, Wordpress | 2 Amfissa, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1. | ||||
| CVE-2026-27080 | 2 Mikado-themes, Wordpress | 2 Deston, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through <= 1.0. | ||||
| CVE-2026-27081 | 2 Mikado-themes, Wordpress | 2 Rosebud, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4. | ||||
| CVE-2026-27082 | 2 Themerex, Wordpress | 2 Love Story, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12. | ||||
| CVE-2026-27084 | 2 Themerex, Wordpress | 2 Buisson, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11. | ||||
| CVE-2026-2931 | 2 Ameliabooking, Wordpress | 2 Booking For Appointments And Events Calendar, Wordpress | 2026-04-24 | 8.8 High |
| The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with customer-level permissions or above to change user passwords and potentially take over administrator accounts. The vulnerability is in the pro plugin, which has the same slug. | ||||
| CVE-2026-32441 | 2 Webtoffee, Wordpress | 2 Wordpress Comments Import And Export, Wordpress | 2026-04-24 | 7.7 High |
| Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9. | ||||
| CVE-2026-32482 | 2 Deothemes, Wordpress | 2 Ona, Wordpress | 2026-04-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24. | ||||
| CVE-2026-32483 | 2 Codepeople, Wordpress | 2 Contact Form Email, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63. | ||||
| CVE-2026-32484 | 2 Boldgrid, Wordpress | 2 Weforms, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. | ||||
| CVE-2026-32485 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8. | ||||
| CVE-2026-4824 | 1 Enter Software | 1 Iperius Backup | 2026-04-24 | 7 High |
| A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.7.4 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||