Export limit exceeded: 34853 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34853 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2409 | 1 Stylemixthemes | 1 Masterstudy Lms | 2026-04-08 | 9.8 Critical |
| The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled. | ||||
| CVE-2024-2340 | 1 Theme-fusion | 1 Avada | 2026-04-08 | 5.3 Medium |
| The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. | ||||
| CVE-2024-2112 | 1 10web | 1 Form Maker | 2026-04-08 | 5.9 Medium |
| The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures. | ||||
| CVE-2024-2107 | 1 Blossomthemes | 1 Blossom Spa | 2026-04-08 | 5.8 Medium |
| The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts. | ||||
| CVE-2024-2088 | 1 Nextscripts | 1 Social Networks Auto Poster | 2026-04-08 | 8.5 High |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets. | ||||
| CVE-2024-1645 | 1 Wobbie | 1 Mollie Forms | 2026-04-08 | 4.3 Medium |
| The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin. | ||||
| CVE-2024-1640 | 1 Bitapps | 1 Contact Form Builder | 2026-04-08 | 5.3 Medium |
| The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions. | ||||
| CVE-2024-1479 | 2 Edge22, Generatepress | 2 Wp Show Posts, Wp Show Posts | 2026-04-08 | 5.3 Medium |
| The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages. | ||||
| CVE-2024-1478 | 1 Helderk | 1 Maintenance Mode | 2026-04-08 | 5.3 Medium |
| The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin. | ||||
| CVE-2024-1475 | 1 Awplife | 1 Coming Soon Maintenance Mode | 2026-04-08 | 5.3 Medium |
| The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin. | ||||
| CVE-2024-1473 | 1 Colorlib | 1 Coming Soon \& Maintenance Mode | 2026-04-08 | 5.3 Medium |
| The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin. | ||||
| CVE-2024-1472 | 2 Restezconnectes, Wordpress | 2 Wp Maintenance, Wordpress | 2026-04-08 | 5.3 Medium |
| The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API. | ||||
| CVE-2024-1462 | 1 Themegrill | 1 Maintenance Page | 2026-04-08 | 5.3 Medium |
| The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode. | ||||
| CVE-2024-1452 | 1 Generatepress | 1 Generateblocks | 2026-04-08 | 4.3 Medium |
| The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates. | ||||
| CVE-2024-1400 | 1 Wobbie | 1 Mollie Forms | 2026-04-08 | 4.3 Medium |
| The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages. | ||||
| CVE-2024-1381 | 1 Pagebuildersandwich | 1 Page Builder Sandwich | 2026-04-08 | 6.5 Medium |
| The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data. | ||||
| CVE-2024-1321 | 1 Metagauss | 1 Eventprime | 2026-04-08 | 5.3 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated attackers to book events for free. | ||||
| CVE-2024-1217 | 1 Kaliforms | 1 Contact Form Builder | 2026-04-08 | 7.6 High |
| The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins. | ||||
| CVE-2024-1210 | 1 Learndash | 1 Learndash | 2026-04-08 | 5.3 Medium |
| The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. | ||||
| CVE-2024-1209 | 1 Learndash | 1 Learndash | 2026-04-08 | 5.3 Medium |
| The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. | ||||