Export limit exceeded: 13703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13703 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-3986 2 Codepeople, Wordpress 2 Calculated Fields Form, Wordpress 2026-04-22 6.4 Medium
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the `fcontent` field in `fhtml` field types. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-1704 2 Croixhaug, Wordpress 2 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, Wordpress 2026-04-22 4.3 Medium
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the `get_item_permissions_check` method granting access to users with the `ssa_manage_appointments` capability without validating staff ownership of the requested appointment. This makes it possible for authenticated attackers, with custom-level access and above (users granted the ssa_manage_appointments capability, such as Team Members), to view appointment records belonging to other staff members and access sensitive customer personally identifiable information via the appointment ID parameter.
CVE-2026-32354 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-04-22 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
CVE-2026-32369 2 Radiustheme, Wordpress 2 Medilink-core, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through < 2.0.7.
CVE-2026-32370 2 Raratheme, Wordpress 2 Influencer, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.
CVE-2026-32374 2 Raratheme, Wordpress 2 The Minimal, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9.
CVE-2026-32353 2 Mailerpress Team, Wordpress 2 Mailerpress, Wordpress 2026-04-22 6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery.This issue affects MailerPress: from n/a through <= 1.4.2.
CVE-2026-32385 2 Metagauss, Wordpress 2 Registrationmagic, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
CVE-2026-32390 2 Linethemes, Wordpress 2 Nanosoft, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.
CVE-2026-32376 2 Raratheme, Wordpress 2 Kalon, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.
CVE-2026-32378 2 Rarathemes, Wordpress 2 Book Landing Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through <= 1.2.7.
CVE-2026-32366 2 Robfelty, Wordpress 2 Collapsing Categories, Wordpress 2026-04-22 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9.
CVE-2026-32361 2 Marketing Fire, Wordpress 2 Editorial Calendar, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Editorial Calendar: from n/a through <= 3.9.0.
CVE-2026-32392 2 Creatives Planet, Wordpress 2 Greenly, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1.
CVE-2026-32430 2 Ideabox, Wordpress 2 Powerpack Addons For Elementor, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9.
CVE-2026-32335 2 Rarathemes, Wordpress 2 The Conference, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5.
CVE-2026-32393 2 Creatives Planet, Wordpress 2 Greenly Theme Addons, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.
CVE-2026-32405 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-04-22 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.
CVE-2026-32457 2 Wombat Plugins, Wordpress 2 Advanced Product Fields Product Addons For Woocommerce, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18.
CVE-2026-32336 2 Rarathemes, Wordpress 2 Rara Business, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0.