Export limit exceeded: 13617 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13531 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'product_name' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-14127 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.1 Medium |
| The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-4949 | 2 Properfraction, Wordpress | 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress | 2026-04-22 | 4.3 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'process_checkout' function not properly enforcing the plan active status check when a 'change_plan_sub_id' parameter is provided. This makes it possible for authenticated attackers, with Subscriber-level access and above, to subscribe to inactive membership plans by supplying an arbitrary 'change_plan_sub_id' value in the checkout request. | ||||
| CVE-2026-5617 | 2 Royalnavneet, Wordpress | 2 Login As User – Switch User & Woocommerce Login As Customer, Wordpress | 2026-04-22 | 8.8 High |
| The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-controlled cookie (oclaup_original_admin) to determine which user to authenticate as, without any server-side verification that the cookie value was legitimately set during an admin-initiated user switch. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to administrator by setting the oclaup_original_admin cookie to an administrator's user ID and triggering the "Return to Admin" functionality. | ||||
| CVE-2026-6293 | 2 Udamadu, Wordpress | 2 Inquiry Form To Posts Or Pages, Wordpress | 2026-04-22 | 4.3 Medium |
| The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version 1.0. This is due to missing nonce validation on the plugin settings update handler, combined with insufficient input sanitization on all user-supplied fields and missing output escaping when rendering stored values. The settings handler fires solely on the presence of `$_POST['inq_hidden'] == 'Y'` with no call to `check_admin_referer()` and no WordPress nonce anywhere in the form or handler. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request that tricks a logged-in Administrator into visiting a malicious page. | ||||
| CVE-2026-5717 | 2 Knighthawk, Wordpress | 2 Vi: Include Post By, Wordpress | 2026-04-22 | 6.4 Medium |
| The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attribute of the 'include-post-by-cat' shortcode in all versions up to, and including, 0.4.200706 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1782 | 2 Wordpress, Wpmet | 2 Wordpress, Metform Pro | 2026-04-22 | 5.3 Medium |
| The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form price. This makes it possible for unauthenticated attackers to manipulate the payment amount via the 'mf-calculation' field in the form submission REST request granted there exists a specific form with this particular configuration. | ||||
| CVE-2026-1509 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-04-22 | 5.4 Medium |
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary WordPress action hooks via the Dynamic Data feature, potentially leading to privilege escalation, file inclusion, denial of service, or other security impacts depending on which action hooks are available in the WordPress installation. | ||||
| CVE-2025-15470 | 2 Designingmedia, Wordpress | 2 Eleganzo, Wordpress | 2026-04-22 | 6.5 Medium |
| The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary directories on the server, including the WordPress root directory. | ||||
| CVE-2026-40737 | 2 Villatheme, Wordpress | 2 Compe, Wordpress | 2026-04-22 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through <= 1.1.4. | ||||
| CVE-2026-5694 | 2 Aerin, Wordpress | 2 Quick Interest Slider, Wordpress | 2026-04-22 | 7.2 High |
| The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-15565 | 2 Cartasi, Wordpress | 2 Nexi Xpay, Wordpress | 2026-04-22 | 5.3 Medium |
| The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed. | ||||
| CVE-2026-1541 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-04-22 | 4.3 Medium |
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field()` function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract protected post metadata fields that should not be publicly accessible via the Dynamic Data feature's `post_custom_field` parameter. | ||||
| CVE-2026-6370 | 2 Hashthemes, Wordpress | 2 Mini Ajax Cart For Woocommerce, Wordpress | 2026-04-22 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce: from n/a through 1.3.4. | ||||
| CVE-2026-1607 | 2 Surbma, Wordpress | 2 Surbma | Booking.com Shortcode, Wordpress | 2026-04-22 | 6.4 Medium |
| The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-4091 | 2 Faridsaniee, Wordpress | 2 Open-brain, Wordpress | 2026-04-22 | 6.1 Medium |
| The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func_page_main() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-6227 | 2 Wordpress, Wp Media | 2 Wordpress, Backwpup – Wordpress Backup & Restore Plugin | 2026-04-22 | 7.2 High |
| The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to include arbitrary PHP files on the server via crafted traversal sequences (e.g., `....//`), which can be leveraged to read sensitive files such as `wp-config.php` or achieve remote code execution in certain configurations. Administrators have the ability to grant individual users permission to handle backups, which may then allow lower-level users to exploit this vulnerability. | ||||
| CVE-2026-1314 | 2 Iberezansky, Wordpress | 2 3d Flipbook – Pdf Embedder, Pdf Flipbook Viewer, Flipbook Image Gallery, Wordpress | 2026-04-22 | 5.3 Medium |
| The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticated attackers to retrieve flipbook page metadata for draft, private and password-protected flipbooks. | ||||
| CVE-2026-6372 | 2 Plisio, Wordpress | 2 Accept Cryptocurrencies With Plisio, Wordpress | 2026-04-22 | 7.5 High |
| Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5. | ||||
| CVE-2026-4880 | 2 Ukrsolution, Wordpress | 2 Barcode Scanner And Inventory Manager, Wordpress | 2026-04-22 | 9.8 Critical |
| The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Base64-encoded user ID in the token parameter to identify users, leaking valid authentication tokens through the 'barcodeScannerConfigs' action, and lacking meta-key restrictions on the 'setUserMeta' action. This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator by first spoofing the admin user ID to leak their authentication token, then using that token to update any user's 'wp_capabilities' meta to gain full administrative access. | ||||