Export limit exceeded: 347340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39631 | 2 Ronik@unlimitedwp, Wordpress | 2 Wpschoolpress, Wordpress | 2026-04-29 | 4.9 Medium |
| Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35. | ||||
| CVE-2026-39627 | 2 Wordpress, Wproyal | 2 Wordpress, Ashe | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266. | ||||
| CVE-2026-39626 | 2 Kutethemes, Wordpress | 2 Armania, Wordpress | 2026-04-29 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | ||||
| CVE-2026-39572 | 2 Mage-people, Wordpress | 2 Bus Ticket Booking With Seat Reservation, Wordpress | 2026-04-29 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5. | ||||
| CVE-2026-39602 | 2 Rustaurius, Wordpress | 2 Order Tracking, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3. | ||||
| CVE-2026-39566 | 2 Designinvento, Wordpress | 2 Directorypress, Wordpress | 2026-04-29 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26. | ||||
| CVE-2026-39506 | 2 Jordy Meow, Wordpress | 2 Ai-engine, Wordpress | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a through < 3.4.2. | ||||
| CVE-2026-39477 | 2 Brainstormforce, Wordpress | 2 Cartflows, Wordpress | 2026-04-29 | 4.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3. | ||||
| CVE-2026-39488 | 2 Surecart, Wordpress | 2 Surecart, Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | ||||
| CVE-2026-39510 | 2 Wordpress, Wpchill | 2 Wordpress, Image Photo Gallery Final Tiles Grid | 2026-04-29 | 2.7 Low |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11. | ||||
| CVE-2026-39486 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2026-04-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8. | ||||
| CVE-2026-39475 | 2 Syed Balkhi, Wordpress | 2 User Feedback, Wordpress | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1. | ||||
| CVE-2026-32587 | 2 Saad Iqbal, Wordpress | 2 Wp Easypay, Wordpress | 2026-04-29 | 5.4 Medium |
| Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11. | ||||
| CVE-2026-32586 | 2 Pluggabl, Wordpress | 2 Booster For Woocommerce, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3. | ||||
| CVE-2026-32565 | 2 Webberzone, Wordpress | 2 Contextual Related Posts, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2. | ||||
| CVE-2026-32562 | 2 Wordpress, Wp Folio Team | 2 Wordpress, Ppwp | 2026-04-29 | 5.4 Medium |
| Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15. | ||||
| CVE-2026-32546 | 2 Stellarwp, Wordpress | 2 Restrict Content, Wordpress | 2026-04-29 | 7.5 High |
| Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22. | ||||
| CVE-2026-32541 | 2 Premmerce, Wordpress | 2 Premmerce Redirect Manager, Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12. | ||||
| CVE-2026-32567 | 2 Icopydoc, Wordpress | 2 Yml For Yandex Market, Wordpress | 2026-04-29 | 6.8 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through < 5.3.0. | ||||
| CVE-2026-32527 | 2 Crmperks, Wordpress | 2 Wp Insightly For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms, Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5. | ||||