Export limit exceeded: 12765 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12765 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53346 | 2 Thimpress, Wordpress | 2 Thim Core, Wordpress | 2026-06-02 | 4.3 Medium |
| Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3. | ||||
| CVE-2025-53440 | 2 Axiomthemes, Wordpress | 2 Confidant, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4. | ||||
| CVE-2025-58024 | 2 Unboundstudio, Wordpress | 2 Accordion Faq, Wordpress | 2026-06-02 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1. | ||||
| CVE-2025-58705 | 2 Axiomthemes, Wordpress | 2 Crafti, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12. | ||||
| CVE-2026-42670 | 2 Etoile Web Design Incorporated, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-06-02 | 7.5 High |
| Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14. | ||||
| CVE-2026-42684 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-02 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. | ||||
| CVE-2026-42685 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1. | ||||
| CVE-2026-39550 | 2 Elated-themes, Wordpress | 2 Aperitif, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | ||||
| CVE-2026-39551 | 2 Elated-themes, Wordpress | 2 Töbel, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | ||||
| CVE-2026-39552 | 2 Code Supply Co., Wordpress | 2 Blueprint, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5. | ||||
| CVE-2026-39553 | 2 Select-themes, Wordpress | 2 Waveride, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4. | ||||
| CVE-2025-58707 | 2 Axiomthemes, Wordpress | 2 Spin, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8. | ||||
| CVE-2025-58897 | 2 Axiomthemes, Wordpress | 2 Fermentio, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0. | ||||
| CVE-2025-69369 | 2 Axiomthemes, Wordpress | 2 Racquet, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0. | ||||
| CVE-2025-68886 | 2 Androthemes, Wordpress | 2 Cookiteer, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8. | ||||
| CVE-2026-27351 | 2 Sekander Badsha, Wordpress | 2 Crew Hrm, Wordpress | 2026-06-02 | 5.4 Medium |
| Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2. | ||||
| CVE-2026-40780 | 2 Liquid Web / Stellarwp, Wordpress | 2 Bookit, Wordpress | 2026-06-02 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1. | ||||
| CVE-2026-8382 | 2 Wordpress, Wpengine | 2 Wordpress, Advanced Custom Fields | 2026-06-02 | 5.3 Medium |
| The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the post_title and post_content of any post bound to a publicly accessible acf_form() instance by injecting values into the _post_title and _post_content parameters of a form submission request. | ||||
| CVE-2026-42683 | 2 Vikwp, Wordpress | 2 Vikbooking Hotel Booking Engine & Pms, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8. | ||||
| CVE-2026-42681 | 2 E2pdf, Wordpress | 2 E2pdf, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14. | ||||