Export limit exceeded: 13703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13703 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3986 | 2 Codepeople, Wordpress | 2 Calculated Fields Form, Wordpress | 2026-04-22 | 6.4 Medium |
| The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the `fcontent` field in `fhtml` field types. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1704 | 2 Croixhaug, Wordpress | 2 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, Wordpress | 2026-04-22 | 4.3 Medium |
| The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the `get_item_permissions_check` method granting access to users with the `ssa_manage_appointments` capability without validating staff ownership of the requested appointment. This makes it possible for authenticated attackers, with custom-level access and above (users granted the ssa_manage_appointments capability, such as Team Members), to view appointment records belonging to other staff members and access sensitive customer personally identifiable information via the appointment ID parameter. | ||||
| CVE-2026-32354 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-04-22 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9. | ||||
| CVE-2026-32369 | 2 Radiustheme, Wordpress | 2 Medilink-core, Wordpress | 2026-04-22 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through < 2.0.7. | ||||
| CVE-2026-32370 | 2 Raratheme, Wordpress | 2 Influencer, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7. | ||||
| CVE-2026-32374 | 2 Raratheme, Wordpress | 2 The Minimal, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9. | ||||
| CVE-2026-32353 | 2 Mailerpress Team, Wordpress | 2 Mailerpress, Wordpress | 2026-04-22 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery.This issue affects MailerPress: from n/a through <= 1.4.2. | ||||
| CVE-2026-32385 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-04-22 | 5.4 Medium |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | ||||
| CVE-2026-32390 | 2 Linethemes, Wordpress | 2 Nanosoft, Wordpress | 2026-04-22 | 5.4 Medium |
| Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2. | ||||
| CVE-2026-32376 | 2 Raratheme, Wordpress | 2 Kalon, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9. | ||||
| CVE-2026-32378 | 2 Rarathemes, Wordpress | 2 Book Landing Page, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through <= 1.2.7. | ||||
| CVE-2026-32366 | 2 Robfelty, Wordpress | 2 Collapsing Categories, Wordpress | 2026-04-22 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9. | ||||
| CVE-2026-32361 | 2 Marketing Fire, Wordpress | 2 Editorial Calendar, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Editorial Calendar: from n/a through <= 3.9.0. | ||||
| CVE-2026-32392 | 2 Creatives Planet, Wordpress | 2 Greenly, Wordpress | 2026-04-22 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1. | ||||
| CVE-2026-32430 | 2 Ideabox, Wordpress | 2 Powerpack Addons For Elementor, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9. | ||||
| CVE-2026-32335 | 2 Rarathemes, Wordpress | 2 The Conference, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5. | ||||
| CVE-2026-32393 | 2 Creatives Planet, Wordpress | 2 Greenly Theme Addons, Wordpress | 2026-04-22 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2. | ||||
| CVE-2026-32405 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-22 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9. | ||||
| CVE-2026-32457 | 2 Wombat Plugins, Wordpress | 2 Advanced Product Fields Product Addons For Woocommerce, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18. | ||||
| CVE-2026-32336 | 2 Rarathemes, Wordpress | 2 Rara Business, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0. | ||||