Export limit exceeded: 347350 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347350 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36680 | 2026-04-28 | 5.4 Medium | ||
| Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Regenerate & Select Crop: from n/a through 7.1.0. | ||||
| CVE-2023-36677 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2026-04-28 | 8.3 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | ||||
| CVE-2023-36531 | 2026-04-28 | 4.3 Medium | ||
| Missing Authorization vulnerability in LiquidPoll LiquidPoll – Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll – Advanced Polls for Creators and Brands: from n/a through 3.3.68. | ||||
| CVE-2023-36529 | 1 Favethemes | 1 Houzez | 2026-04-28 | 9.9 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. | ||||
| CVE-2023-36528 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3. | ||||
| CVE-2023-36527 | 1 Bestwebsoft | 1 Post To Csv | 2026-04-28 | 4.7 Medium |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | ||||
| CVE-2023-36526 | 2026-04-28 | 5.4 Medium | ||
| Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplicate Post Page Menu & Custom Post Type: from n/a through 2.4.1. | ||||
| CVE-2023-36519 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SW Product Bundles: from n/a through 2.0.15. | ||||
| CVE-2023-36518 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Hit Counter: from n/a through 1.3.2. | ||||
| CVE-2023-36510 | 2026-04-28 | 7.3 High | ||
| Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211. | ||||
| CVE-2023-36509 | 2026-04-28 | 5.4 Medium | ||
| Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5. | ||||
| CVE-2023-36508 | 1 Bestwebsoft | 1 Contact Form To Db | 2026-04-28 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1. | ||||
| CVE-2023-36506 | 2026-04-28 | 5.3 Medium | ||
| Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0. | ||||
| CVE-2023-36385 | 1 Wpxpo | 1 Postx | 2026-04-28 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions. | ||||
| CVE-2023-35910 | 1 Quasar-form | 1 Quasar Form | 2026-04-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0. | ||||
| CVE-2023-35879 | 1 Woo | 1 Product Vendors | 2026-04-28 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78. | ||||
| CVE-2023-35877 | 1 Vadimk | 1 Extra User Details | 2026-04-28 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5. | ||||
| CVE-2023-35875 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5. | ||||
| CVE-2023-35777 | 2026-04-28 | 5.3 Medium | ||
| Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2. | ||||
| CVE-2023-35091 | 1 Storeapps | 1 Stock Manager For Woocommerce | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions. | ||||