Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28012 | 2 Themerex, Wordpress | 2 Gridiron, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through <= 1.0.14. | ||||
| CVE-2026-28017 | 2 Themerex, Wordpress | 2 Green Thumb, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Green Thumb greenthumb allows PHP Local File Inclusion.This issue affects Green Thumb: from n/a through <= 1.1.12. | ||||
| CVE-2026-27990 | 2 Themerex, Wordpress | 2 Confix, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows PHP Local File Inclusion.This issue affects ConFix: from n/a through <= 1.013. | ||||
| CVE-2026-27989 | 2 Themerex, Wordpress | 2 Quanzo, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quanzo: from n/a through <= 1.0.10. | ||||
| CVE-2026-22451 | 2 Ancorathemes, Wordpress | 2 Handyman, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through <= 1.4.7. | ||||
| CVE-2026-22432 | 2 Ancorathemes, Wordpress | 2 Woopy, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woopy: from n/a through <= 1.2. | ||||
| CVE-2026-27098 | 2 Axiomthemes, Wordpress | 2 Au Pair Agency - Babysitting & Nanny Theme, Wordpress | 2026-04-22 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through <= 1.2.2. | ||||
| CVE-2026-1674 | 2 Saadiqbal, Wordpress | 2 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, And Custom Form Builder, Wordpress | 2026-04-22 | 6.5 Medium |
| The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save_gutena_forms_schema() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to update option values to a structured array value on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values, that would, for example enable site user registration when it is explicitly disabled. | ||||
| CVE-2026-22457 | 2 Mikado-themes, Wordpress | 2 Wanderland, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.5. | ||||
| CVE-2026-22441 | 2 Elated-themes, Wordpress | 2 Zentrum, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Zentrum zentrum allows PHP Local File Inclusion.This issue affects Zentrum: from n/a through <= 1.0. | ||||
| CVE-2026-3132 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-04-22 | 8.8 High |
| The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server. | ||||
| CVE-2026-22390 | 2 Builderall, Wordpress | 2 Builder For Wordpress, Wordpress | 2026-04-22 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1. | ||||
| CVE-2026-22408 | 2 Mikado-themes, Wordpress | 2 Justicia, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affects Justicia: from n/a through <= 1.2. | ||||
| CVE-2026-22497 | 2 Ancorathemes, Wordpress | 2 Jardi, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2. | ||||
| CVE-2026-22433 | 2 Ancorathemes, Wordpress | 2 Cloudme, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CloudMe cloudme allows PHP Local File Inclusion.This issue affects CloudMe: from n/a through <= 1.2.2. | ||||
| CVE-2026-22427 | 2 Mikado-themes, Wordpress | 2 Gotravel, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes GoTravel gotravel allows PHP Local File Inclusion.This issue affects GoTravel: from n/a through <= 2.1. | ||||
| CVE-2026-2583 | 2 Creativethemes, Wordpress | 2 Blocksy, Wordpress | 2026-04-22 | 6.4 Medium |
| The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1566 | 2 Latepoint, Wordpress | 2 Latepoint – Calendar Booking Plugin For Appointments And Events, Wordpress | 2026-04-22 | 8.8 High |
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to set the 'wordpress_user_id' field. This makes it possible for authenticated attackers, with Agent-level access and above, to gain elevated privileges by linking a customer to the arbitrary user ID, including administrators, and then resetting the password. | ||||
| CVE-2026-22421 | 2 Ancorathemes, Wordpress | 2 Quantum, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Quantum quantum allows PHP Local File Inclusion.This issue affects Quantum: from n/a through <= 1.0. | ||||
| CVE-2026-22474 | 2 Themerex, Wordpress | 2 Equestrian Centre, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5. | ||||