Export limit exceeded: 13703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13703 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32355 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-22 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1. | ||||
| CVE-2026-32357 | 2 Katsushi Kawamori, Wordpress | 2 Simple Blog Card, Wordpress | 2026-04-22 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through <= 2.37. | ||||
| CVE-2026-32406 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Product Bundles For Woocommerce | 2026-04-22 | 4.3 Medium |
| Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5. | ||||
| CVE-2026-32407 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Smart Wishlist For Woocommerce | 2026-04-22 | 4.3 Medium |
| Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8. | ||||
| CVE-2026-32424 | 2 Boldgrid, Wordpress | 2 Sprout Clients, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2. | ||||
| CVE-2026-2233 | 2 Wedevs, Wordpress | 2 User Frontend Ai Powered Frontend Posting, User Directory, Profile, Membership & User Registration, Wordpress | 2026-04-22 | 5.3 Medium |
| The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft_post() function in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to modify arbitrary posts (e.g. unpublish published posts and overwrite the contents) via the 'post_id' parameter. | ||||
| CVE-2026-3891 | 2 Linknacional, Wordpress | 2 Pix For Woocommerce, Wordpress | 2026-04-22 | 9.8 Critical |
| The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2026-32447 | 2 Vito Peleg, Wordpress | 2 Atarim, Wordpress | 2026-04-22 | 4.3 Medium |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2. | ||||
| CVE-2026-32449 | 2 Themifyme, Wordpress | 2 Themify Event Post, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4. | ||||
| CVE-2026-31922 | 2 Ays-pro, Wordpress | 2 Fox Lms, Wordpress | 2026-04-22 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3. | ||||
| CVE-2026-32337 | 2 Rarathemes, Wordpress | 2 Preschool And Kindergarten, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5. | ||||
| CVE-2026-32348 | 2 Madrasthemes, Wordpress | 2 Mas Videos, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2. | ||||
| CVE-2026-32450 | 2 Realmag777, Wordpress | 2 Active Products Tables For Woocommerce, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7. | ||||
| CVE-2026-32379 | 2 Raratheme, Wordpress | 2 Rara Academic, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2. | ||||
| CVE-2026-32416 | 2 Bplugins, Wordpress | 2 Pdf Poster, Wordpress | 2026-04-22 | 5.4 Medium |
| Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0. | ||||
| CVE-2026-31918 | 2 Immonex, Wordpress | 2 Immonex Kickstart, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0. | ||||
| CVE-2026-31917 | 2 Wedevs, Wordpress | 2 Wp Erp, Wordpress | 2026-04-22 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10. | ||||
| CVE-2026-32431 | 2 Brainstorm Force, Wordpress | 2 Astra Bulk Edit, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10. | ||||
| CVE-2026-32387 | 2 Noorsplugin, Wordpress | 2 Checkout For Paypal, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46. | ||||
| CVE-2026-4063 | 2 Wordpress, Wpzoom | 2 Wordpress, Social Icons Widget & Block – Social Media Icons & Share Buttons | 2026-04-22 | 4.3 Medium |
| The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter. | ||||