Export limit exceeded: 10380 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10380 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24953 | 2 Mitchell Bennis, Wordpress | 2 Simple File List, Wordpress | 2026-02-23 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through <= 6.1.15. | ||||
| CVE-2026-24946 | 2 Tychesoftwares, Wordpress | 2 Print Invoice & Delivery Notes For Woocommerce, Wordpress | 2026-02-23 | N/A |
| Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0. | ||||
| CVE-2026-24956 | 2 Shahjada, Wordpress | 2 Download Manager Addons For Elementor, Wordpress | 2026-02-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This issue affects Download Manager Addons for Elementor: from n/a through <= 1.3.0. | ||||
| CVE-2026-1369 | 2 Conditional Captcha, Wordpress | 2 Conditional Captcha, Wordpress | 2026-02-23 | 4.3 Medium |
| The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | ||||
| CVE-2026-1055 | 2 Talkjs, Wordpress | 2 Talkjs, Wordpress | 2026-02-23 | 4.4 Medium |
| The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2026-22357 | 2 Spencer Haws, Wordpress | 2 Link Whisper Free, Wordpress | 2026-02-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through <= 0.9.0. | ||||
| CVE-2026-1581 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-02-23 | 7.5 High |
| The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-2232 | 2 Wcproducttable, Wordpress | 2 Product Table And List Builder For Woocommerce Lite, Wordpress | 2026-02-23 | 7.5 High |
| The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-27072 | 2 Pixelyoursite, Wordpress | 2 Pixelyoursite – Your Smart Pixel (tag) Manager, Wordpress | 2026-02-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through <= 11.2.0.1. | ||||
| CVE-2026-26370 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-02-23 | N/A |
| WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | ||||
| CVE-2026-2486 | 2 Litonice13, Wordpress | 2 Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations, Wordpress | 2026-02-23 | 6.4 Medium |
| The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-43228 | 2 Secupress, Wordpress | 2 Secupress, Wordpress | 2026-02-23 | N/A |
| Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3. | ||||
| CVE-2024-50555 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0. | ||||
| CVE-2024-52387 | 2 Liton Arefin, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4. | ||||
| CVE-2024-56208 | 2 Desertthemes, Wordpress | 2 Newsmash, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71. | ||||
| CVE-2025-53217 | 2 Staviravn, Wordpress | 2 Aio Wp Builder, Wordpress | 2026-02-23 | N/A |
| Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2. | ||||
| CVE-2025-60183 | 2 Silence, Wordpress | 2 Silencesoft Rss Reader, Wordpress | 2026-02-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6. | ||||
| CVE-2025-67979 | 2 Westerndeal, Wordpress | 2 Wpforms Google Sheet Connector, Wordpress | 2026-02-23 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1. | ||||
| CVE-2025-68545 | 2 Thembay, Wordpress | 2 Nika, Wordpress | 2026-02-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14. | ||||
| CVE-2025-68552 | 2 Webcodingplace, Wordpress | 2 Woocommerce Coming Soon Product With Countdown, Wordpress | 2026-02-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion.This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0. | ||||