Export limit exceeded: 347228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347228 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36388 | 1 Ydesignservices | 1 Yds Support Ticket System | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. | ||||
| CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2026-04-28 | 8.8 High |
| Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2022-36383 | 1 Webhelpagency | 1 Wha Wordsearch | 2026-04-28 | 5.4 Medium |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. | ||||
| CVE-2022-36355 | 1 Easy Org Chart Project | 1 Easy Org Chart | 2026-04-28 | 5.4 Medium |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. | ||||
| CVE-2022-36352 | 1 Metagauss | 1 Profilegrid | 2026-04-28 | 6.3 Medium |
| Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. | ||||
| CVE-2022-36356 | 1 Culture Object Project | 1 Culture Object | 2026-04-28 | 4.8 Medium |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. | ||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2026-04-28 | 7.2 High |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | ||||
| CVE-2022-35726 | 1 Yotuwp | 1 Video Gallery | 2026-04-28 | 4.3 Medium |
| Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. | ||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2026-04-28 | 8.8 High |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2022-34839 | 1 Codexshaper | 1 Wp Oauth2 Server | 2026-04-28 | 5.9 Medium |
| Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. | ||||
| CVE-2022-34344 | 1 Rymera | 1 Wholesale Suite | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | ||||
| CVE-2022-34155 | 1 Miniorange | 1 Oauth Single Sign On | 2026-04-28 | 8.8 High |
| Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | ||||
| CVE-2022-33191 | 1 Testimonials Project | 1 Testimonials | 2026-04-28 | 4.1 Medium |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. | ||||
| CVE-2022-33201 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2026-04-28 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | ||||
| CVE-2022-33900 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-28 | 4.1 Medium |
| PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | ||||
| CVE-2022-31474 | 1 Ithemes | 1 Backupbuddy | 2026-04-28 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | ||||
| CVE-2022-29420 | 1 Edmonsoft | 1 Countdown Builder | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. | ||||
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2026-04-28 | 4.1 Medium |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | ||||
| CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2026-04-28 | 7.5 High |
| Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | ||||
| CVE-2026-35245 | 1 Oracle | 1 Vm Virtualbox | 2026-04-28 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||