Export limit exceeded: 347112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347112 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36388 | 1 Ydesignservices | 1 Yds Support Ticket System | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. | ||||
| CVE-2022-36379 | 1 Yookassa | 1 Yukassa For Woocommerce | 2026-04-28 | 8.8 High |
| Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2022-36383 | 1 Webhelpagency | 1 Wha Wordsearch | 2026-04-28 | 5.4 Medium |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. | ||||
| CVE-2022-36355 | 1 Easy Org Chart Project | 1 Easy Org Chart | 2026-04-28 | 5.4 Medium |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. | ||||
| CVE-2022-36352 | 1 Metagauss | 1 Profilegrid | 2026-04-28 | 6.3 Medium |
| Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. | ||||
| CVE-2022-36356 | 1 Culture Object Project | 1 Culture Object | 2026-04-28 | 4.8 Medium |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. | ||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2026-04-28 | 7.2 High |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | ||||
| CVE-2022-35726 | 1 Yotuwp | 1 Video Gallery | 2026-04-28 | 4.3 Medium |
| Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. | ||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2026-04-28 | 8.8 High |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2022-34839 | 1 Codexshaper | 1 Wp Oauth2 Server | 2026-04-28 | 5.9 Medium |
| Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. | ||||
| CVE-2022-34344 | 1 Rymera | 1 Wholesale Suite | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | ||||
| CVE-2022-34155 | 1 Miniorange | 1 Oauth Single Sign On | 2026-04-28 | 8.8 High |
| Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | ||||
| CVE-2022-33191 | 1 Testimonials Project | 1 Testimonials | 2026-04-28 | 4.1 Medium |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. | ||||
| CVE-2022-33201 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2026-04-28 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | ||||
| CVE-2022-33900 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-28 | 4.1 Medium |
| PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | ||||
| CVE-2022-31474 | 1 Ithemes | 1 Backupbuddy | 2026-04-28 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | ||||
| CVE-2022-29420 | 1 Edmonsoft | 1 Countdown Builder | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. | ||||
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2026-04-28 | 4.1 Medium |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | ||||
| CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2026-04-28 | 7.5 High |
| Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | ||||
| CVE-2026-38949 | 2026-04-28 | N/A | ||
| Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code | ||||