Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344006 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39680 | 2 Mwp Development, Wordpress | 2 Diet Calorie Calculator, Wordpress | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through <= 1.1.1. | ||||
| CVE-2026-39688 | 2 Glowlogix, Wordpress | 2 Wp Frontend Profile, Wordpress | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9. | ||||
| CVE-2026-39692 | 2 Tagdiv, Wordpress | 2 Tagdiv Composer, Wordpress | 2026-04-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3. | ||||
| CVE-2026-39694 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2. | ||||
| CVE-2026-39696 | 2 Elfsight, Wordpress | 2 Elfsight Whatsapp Chat Cc, Wordpress | 2026-04-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through <= 1.2.0. | ||||
| CVE-2026-39698 | 2 Publisherdesk, Wordpress | 2 The Publisher Desk Ads.txt, Wordpress | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0. | ||||
| CVE-2026-39700 | 2 Wordpress, Wpxpo | 2 Wordpress, Wowoptin | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32. | ||||
| CVE-2026-39702 | 2 Wealcoder, Wordpress | 2 Animation Addons For Elementor, Wordpress | 2026-04-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1. | ||||
| CVE-2026-39704 | 2 Nfusionsolutions, Wordpress | 2 Precious Metals Automated Product Pricing – Pro, Wordpress | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/a through <= 4.0.5. | ||||
| CVE-2026-39706 | 2 Netro Systems, Wordpress | 2 Make My Trivia, Wordpress | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0. | ||||
| CVE-2026-39710 | 2 Stmcan, Wordpress | 2 Rt-theme 18 | Extensions, Wordpress | 2026-04-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. | ||||
| CVE-2026-39712 | 2 Tagdiv, Wordpress | 2 Tagdiv Composer, Wordpress | 2026-04-08 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through <= 5.4.3. | ||||
| CVE-2026-39716 | 2 Ckthemes, Wordpress | 2 Flipmart, Wordpress | 2026-04-08 | 5.3 Medium |
| Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8. | ||||
| CVE-2026-39851 | 1 Saleor | 1 Saleor | 2026-04-08 | N/A |
| Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange() mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118. | ||||
| CVE-2026-39391 | 1 Ci4-cms-erp | 1 Ci4ms | 2026-04-08 | 4.8 Medium |
| CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist (ban) note parameter in UserController::ajax_blackList_post() is stored in the database without sanitization and rendered into an HTML data-note attribute without escaping. An admin with blacklist privileges can inject arbitrary JavaScript that executes in the browser of any other admin who views the user management page. This vulnerability is fixed in 0.31.4.0. | ||||
| CVE-2026-39691 | 2 Adastracrypto, Wordpress | 2 Cryptocurrency Donation Box – Bitcoin & Crypto Donations, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a through <= 2.2.13. | ||||
| CVE-2026-39697 | 2 Hbss Technologies, Wordpress | 2 Maio – The New Ai Geo / Seo Tool, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <= 6.2.8. | ||||
| CVE-2026-39703 | 2 Wordpress, Wpbits | 2 Wordpress, Wpbits Addons For Elementor Page Builder | 2026-04-08 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.8.1. | ||||
| CVE-2026-33350 | 1 Aces | 1 Loris | 2026-04-08 | 7.5 High |
| LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging browser. Attackers can use SQL ingestion to access/alter data on the server. This vulnerability is fixed in 27.0.3 and 28.0.1. | ||||
| CVE-2026-39681 | 2 Apustheme, Wordpress | 2 Homeo, Wordpress | 2026-04-08 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through <= 1.2.59. | ||||