Export limit exceeded: 346125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32357 | 2 Katsushi Kawamori, Wordpress | 2 Simple Blog Card, Wordpress | 2026-04-22 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through <= 2.37. | ||||
| CVE-2026-32367 | 2 Wordpress, Ylefebvre | 2 Wordpress, Modal Dialog | 2026-04-22 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through <= 3.5.16. | ||||
| CVE-2026-32385 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-04-22 | 5.4 Medium |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | ||||
| CVE-2026-32392 | 2 Creatives Planet, Wordpress | 2 Greenly, Wordpress | 2026-04-22 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1. | ||||
| CVE-2026-4163 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2026-04-22 | 9.8 Critical |
| A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended. | ||||
| CVE-2026-4166 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-04-22 | 3.5 Low |
| A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-32374 | 2 Raratheme, Wordpress | 2 The Minimal, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9. | ||||
| CVE-2026-32397 | 2 Wordpress, Ymc-22 | 2 Wordpress, Filter & Grids | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1. | ||||
| CVE-2026-32399 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-04-22 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.32. | ||||
| CVE-2026-32400 | 2 Themetechmount, Wordpress | 2 Boldman, Wordpress | 2026-04-22 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7. | ||||
| CVE-2026-32404 | 2 Studio99, Wordpress | 2 Studio99 Wp Monitor, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3. | ||||
| CVE-2026-32410 | 2 Woobewoo, Wordpress | 2 Wbw Currency Switcher For Woocommerce, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5. | ||||
| CVE-2026-32425 | 2 Linknacional, Wordpress | 2 Payment Gateway Pix For Givewp, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3. | ||||
| CVE-2026-32434 | 2 Vowelweb, Wordpress | 2 Vw Fitness, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4. | ||||
| CVE-2026-32439 | 2 Webgeniuslab, Wordpress | 2 Bighearts, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14. | ||||
| CVE-2026-32440 | 2 Ex-themes, Wordpress | 2 Wp Food, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1. | ||||
| CVE-2026-32446 | 2 Syed Balkhi, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-04-22 | 4.3 Medium |
| Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3. | ||||
| CVE-2026-32448 | 2 Eric Teubert, Wordpress | 2 Podlove Podcast Publisher, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3. | ||||
| CVE-2026-32449 | 2 Themifyme, Wordpress | 2 Themify Event Post, Wordpress | 2026-04-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4. | ||||
| CVE-2026-32453 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0. | ||||