Export limit exceeded: 346271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27367 | 2 Themegoods, Wordpress | 2 Musico, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through < 3.4.5. | ||||
| CVE-2026-27362 | 2 Kamleshyadav, Wordpress | 2 Wp Bakery Autoresponder Addon, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6. | ||||
| CVE-2026-27358 | 2 Themegoods, Wordpress | 2 Architecturer, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from n/a through < 3.9.5. | ||||
| CVE-2026-27352 | 2 Themegoods, Wordpress | 2 Starto, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through < 2.2.5. | ||||
| CVE-2026-27348 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through < 7.7.6. | ||||
| CVE-2026-27344 | 2 Inseriswiss, Wordpress | 2 Inseri Core, Wordpress | 2026-04-23 | 5.9 Medium |
| Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= 1.0.5. | ||||
| CVE-2026-27096 | 2 Buddhathemes, Wordpress | 2 Colorfolio - Freelance Designer Wordpress Theme, Wordpress | 2026-04-23 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme colorfolio allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2026-27093 | 2 Ovatheme, Wordpress | 2 Tripgo, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through < 1.5.6. | ||||
| CVE-2026-27091 | 2 Uipress, Wordpress | 2 Uipress Lite, Wordpress | 2026-04-23 | 6.3 Medium |
| Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09. | ||||
| CVE-2026-27070 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro everest-forms-pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through <= 1.9.12. | ||||
| CVE-2026-27068 | 2 Ryan Howard, Wordpress | 2 Website Llms.txt, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through <= 8.2.6. | ||||
| CVE-2026-27067 | 2 Syarif, Wordpress | 2 Mobile App Editor, Wordpress | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through <= 1.3.1. | ||||
| CVE-2026-27066 | 2 Pi Web Solution, Wordpress | 2 Live Sales Notification For Woocommerce, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.60. | ||||
| CVE-2026-27065 | 2 Thimpress, Wordpress | 2 Builderpress, Wordpress | 2026-04-23 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1. | ||||
| CVE-2026-27046 | 2 Kaira, Wordpress | 2 Storecustomizer, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through <= 2.6.3. | ||||
| CVE-2026-27043 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-23 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography allows Path Traversal.This issue affects Photography: from n/a through < 7.7.6. | ||||
| CVE-2026-25471 | 2 Themepaste, Wordpress | 2 Admin Safety Guard, Wordpress | 2026-04-23 | 8.1 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.7. | ||||
| CVE-2026-25465 | 2 Codepeople, Wordpress | 2 Cp Multi View Event Calendar, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.36. | ||||
| CVE-2026-25464 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4. | ||||
| CVE-2026-25456 | 2 Aarsiv Groups, Wordpress | 2 Automated Fedex Live/manual Rates With Shipping Labels, Wordpress | 2026-04-23 | 7.3 High |
| Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1.9. | ||||