Export limit exceeded: 344999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344999 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22401 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2. | ||||
| CVE-2026-22406 | 2 Mikado-themes, Wordpress | 2 Overton, Wordpress | 2026-04-16 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3. | ||||
| CVE-2026-22426 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2. | ||||
| CVE-2026-22445 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through <= 2.6.5.1. | ||||
| CVE-2026-22462 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5. | ||||
| CVE-2026-22463 | 2 Micro.company, Wordpress | 2 Form To Chat App, Wordpress | 2026-04-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5. | ||||
| CVE-2026-22464 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33. | ||||
| CVE-2026-22466 | 2 Chandnipatel, Wordpress | 2 Wp Mapit, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through <= 3.0.3. | ||||
| CVE-2026-22469 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2. | ||||
| CVE-2026-22470 | 2 Firestorm Plugins, Wordpress | 2 Firestorm Professional Real Estate, Wordpress | 2026-04-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11. | ||||
| CVE-2026-22483 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12. | ||||
| CVE-2026-23976 | 2 Wordpress, Wpchill | 2 Wordpress, Modula Image Gallery | 2026-04-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4. | ||||
| CVE-2026-24354 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1. | ||||
| CVE-2026-24365 | 2 Storeapps, Wordpress | 2 Stock Manager For Woocommerce, Wordpress | 2026-04-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0. | ||||
| CVE-2026-24366 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Request A Quote | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0. | ||||
| CVE-2026-24368 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 8.8 High |
| Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | ||||
| CVE-2026-21264 | 1 Microsoft | 2 Account, Micrososft Account | 2026-04-16 | 9.3 Critical |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-24525 | 2 Cloudpanel, Wordpress | 2 Clp Varnish Cache, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2. | ||||
| CVE-2026-24538 | 2 Omnipressteam, Wordpress | 2 Omnipress, Wordpress | 2026-04-16 | 7.6 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue affects Omnipress: from n/a through <= 1.6.7. | ||||
| CVE-2026-24544 | 2 Harmonicdesign, Wordpress | 2 Hd Quiz, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9. | ||||