Search Results (10313 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22384 2 Leafcolor, Wordpress 2 Applay - Shortcodes, Wordpress 2026-02-24 9.8 Critical
Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.
CVE-2026-22354 2 Dotstore, Wordpress 2 Woocommerce Category Banner Management, Wordpress 2026-02-24 8.8 High
Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through <= 2.5.1.
CVE-2025-69366 2 Teconcetheme, Wordpress 2 Emerce Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Emerce Core emerce-core allows Blind SQL Injection.This issue affects Emerce Core: from n/a through <= 1.8.
CVE-2025-69365 2 Teconcetheme, Wordpress 2 Uroan Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Uroan Core uroan-core allows Blind SQL Injection.This issue affects Uroan Core: from n/a through <= 1.4.4.
CVE-2025-69337 2 D-themes, Wordpress 2 Wolmart, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection.This issue affects Wolmart Core: from n/a through <= 1.9.6.
CVE-2025-69329 2 Jthemes, Wordpress 2 Prestige, Wordpress 2026-02-24 9.8 Critical
Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1.
CVE-2025-69328 2 Magepeople, Wordpress 2 Booking & Rental Manager, Wordpress 2026-02-24 8.8 High
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.9.
CVE-2025-69325 2 Primersoftware, Wordpress 2 Primer Mydata For Woocommerce, Wordpress 2026-02-24 5.3 Medium
Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.
CVE-2025-69310 2 Teconcetheme, Wordpress 2 Woodly Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection.This issue affects Woodly Core: from n/a through <= 1.4.
CVE-2025-69309 2 Teconcetheme, Wordpress 2 Saasplate Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Saasplate Core saasplate-core allows Blind SQL Injection.This issue affects Saasplate Core: from n/a through <= 1.2.8.
CVE-2025-69308 2 Teconcetheme, Wordpress 2 Nestbyte Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection.This issue affects Nestbyte Core: from n/a through <= 1.2.
CVE-2025-69307 2 Teconcetheme, Wordpress 2 Medinik Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through <= 1.3.6.
CVE-2025-69306 2 Teconcetheme, Wordpress 2 Electio Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core: from n/a through <= 1.4.
CVE-2025-69305 2 Teconcetheme, Wordpress 2 Crete Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from n/a through <= 1.4.3.
CVE-2025-69304 2 Teconcetheme, Wordpress 2 Allmart, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection.This issue affects Allmart: from n/a through <= 1.1.
CVE-2025-69295 2 Teconcetheme, Wordpress 2 Coven Core, Wordpress 2026-02-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: from n/a through <= 1.3.
CVE-2025-67987 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-02-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.
CVE-2026-23693 2 Roxnor, Wordpress 2 Elementskit Lite, Wordpress 2026-02-24 10 Critical
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including the list parameter, when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site.
CVE-2026-22381 2 Mikado-themes, Wordpress 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress 2026-02-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
CVE-2026-22365 2 Axiomthemes, Wordpress 2 Soleng, Wordpress 2026-02-24 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through <= 1.0.5.