Export limit exceeded: 11765 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11765 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39631 | 2 Ronik@unlimitedwp, Wordpress | 2 Wpschoolpress, Wordpress | 2026-04-09 | 4.9 Medium |
| Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35. | ||||
| CVE-2026-39629 | 2 Kutethemes, Wordpress | 2 Uminex, Wordpress | 2026-04-09 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | ||||
| CVE-2026-39627 | 2 Wordpress, Wproyal | 2 Wordpress, Ashe | 2026-04-09 | 4.3 Medium |
| Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266. | ||||
| CVE-2026-39625 | 2 Kutethemes, Wordpress | 2 Techone, Wordpress | 2026-04-09 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3. | ||||
| CVE-2026-39623 | 2 Kutethemes, Wordpress | 2 Biolife, Wordpress | 2026-04-09 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects Biolife: from n/a through <= 3.2.3. | ||||
| CVE-2026-39621 | 2 Spicethemes, Wordpress | 2 Spicepress, Wordpress | 2026-04-09 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5. | ||||
| CVE-2026-39619 | 2 Priyanshumittal, Wordpress | 2 Busiprof, Wordpress | 2026-04-09 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2. | ||||
| CVE-2026-4079 | 3 Guaven, Sql Chart Builder, Wordpress | 3 Sql Chart Builder, Sql Chart Builder, Wordpress | 2026-04-09 | 6.5 Medium |
| The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality. | ||||
| CVE-2025-15611 | 3 Ays-pro, Popup Box, Wordpress | 3 Popup Box, Popup Box, Wordpress | 2026-04-09 | 5.4 Medium |
| The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend. | ||||
| CVE-2026-5451 | 2 Hupe13, Wordpress | 2 Extensions For Leaflet Map, Wordpress | 2026-04-09 | 6.4 Medium |
| The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-4429 | 2 Photoweblog, Wordpress | 2 Osm – Openstreetmap, Wordpress | 2026-04-09 | 6.4 Medium |
| The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-39637 | 2 Spabrice, Wordpress | 2 Mogi, Wordpress | 2026-04-09 | 5.3 Medium |
| Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through <= 1.2.3. | ||||
| CVE-2026-39635 | 2 Themegoods, Wordpress | 2 Grand Magazine, Wordpress | 2026-04-09 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5. | ||||
| CVE-2026-39633 | 2 Themegoods, Wordpress | 2 Grand Car Rental, Wordpress | 2026-04-09 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9. | ||||
| CVE-2026-5711 | 2 Pubudu-malalasekara, Wordpress | 2 Post Blocks & Tools, Wordpress | 2026-04-09 | 6.4 Medium |
| The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-39684 | 2 Untheme, Wordpress | 2 Organicfood, Wordpress | 2026-04-09 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affects OrganicFood: from n/a through <= 3.6.4. | ||||
| CVE-2026-39670 | 2 Brecht, Wordpress | 2 Visual Link Preview, Wordpress | 2026-04-09 | 6 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0. | ||||
| CVE-2026-39664 | 2 Leadrebel, Wordpress | 2 Leadrebel, Wordpress | 2026-04-09 | 5.3 Medium |
| Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2. | ||||
| CVE-2026-39662 | 2 Prowcplugins, Wordpress | 2 Product Price By Formula For Woocommerce, Wordpress | 2026-04-09 | 5.3 Medium |
| Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6. | ||||
| CVE-2026-39659 | 2 Ultimatemember, Wordpress | 2 Ultimate Member, Wordpress | 2026-04-09 | 5.3 Medium |
| Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through <= 2.11.3. | ||||