Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11903 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-14429 2 Thememove, Wordpress 2 Aeroland, Wordpress 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6.
CVE-2026-22508 2 Ancorathemes, Wordpress 2 Dentalux, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through <= 3.3.
CVE-2026-22496 2 Ancorathemes, Wordpress 2 Hypnotherapy, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through <= 1.2.10.
CVE-2026-22500 2 Axiomthemes, Wordpress 2 M2 | Construction And Tools Store, Wordpress 2026-03-30 9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2.
CVE-2026-24363 2 Loopus, Wordpress 2 Wp Cost Estimation & Payment Forms Builder, Wordpress 2026-03-30 7.5 High
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0.
CVE-2026-22513 2 Ancorathemes, Wordpress 2 Triompher, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from n/a through <= 1.1.0.
CVE-2026-23972 2 Magepeople, Wordpress 2 Booking & Rental Manager, Wordpress 2026-03-30 6.5 Medium
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.0.
CVE-2026-23806 2 Blueglass Interactive Ag, Wordpress 2 Jobs For Wordpress, Wordpress 2026-03-30 7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-22523 2 Themepassion, Wordpress 2 Ultra Wordpress Admin, Wordpress 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through <= 11.7.
CVE-2026-23973 2 Uxper, Wordpress 2 Golo, Wordpress 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-23977 2 Wordpress, Wpfactory 2 Wordpress, Helpdesk Support Ticket System For Woocommerce 2026-03-30 7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-22498 2 Elated-themes, Wordpress 2 Laurent, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-24362 2 Bdthemes, Wordpress 2 Ultimate Post Kit, Wordpress 2026-03-30 6.4 Medium
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.
CVE-2026-22480 2 Webtoffee, Wordpress 2 Product Feed For Woocommerce, Wordpress 2026-03-30 7.2 High
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3.
CVE-2026-22520 2 G5theme, Wordpress 2 Handmade Framework, Wordpress 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Handmade Framework handmade-framework allows Reflected XSS.This issue affects Handmade Framework: from n/a through <= 3.9.
CVE-2026-22515 2 Ancorathemes, Wordpress 2 Vegadays, Wordpress 2026-03-30 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0.
CVE-2026-22491 2 Wordpress, Wphocus 2 Wordpress, My Auctions Allegro 2026-03-30 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.35.
CVE-2026-22484 2 Pebas, Wordpress 2 Lisfinity Core, Wordpress 2026-03-30 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through <= 1.5.0.
CVE-2026-22505 2 Ancorathemes, Wordpress 2 Morning Records, Wordpress 2026-03-30 8.1 High
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2.
CVE-2026-24369 2 Theme-one, Wordpress 2 The Grid, Wordpress 2026-03-30 7.1 High
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.