Export limit exceeded: 341258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341258 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25465 | 2 Codepeople, Wordpress | 2 Cp Multi View Event Calendar, Wordpress | 2026-03-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35. | ||||
| CVE-2026-25469 | 2 Viabill For Woocommerce, Wordpress | 2 Viabill – Woocommerce, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through <= 1.1.53. | ||||
| CVE-2026-27039 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-03-30 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through <= 14.0.31. | ||||
| CVE-2026-27045 | 2 Sbthemes, Wordpress | 2 Woocommerce Infinite Scroll, Wordpress | 2026-03-30 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through <= 1.6.2. | ||||
| CVE-2026-27046 | 2 Kaira, Wordpress | 2 Storecustomizer, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through <= 2.6.3. | ||||
| CVE-2026-27047 | 2 Mikado-themes, Wordpress | 2 Curly, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6. | ||||
| CVE-2026-27048 | 2 Elated-themes, Wordpress | 2 The Aisle Core, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5. | ||||
| CVE-2026-27049 | 2 Nootheme, Wordpress | 2 Jobica Core, Wordpress | 2026-03-30 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2. | ||||
| CVE-2026-27054 | 2 Pencidesign, Wordpress | 2 Penci Soledad Data Migrator, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affects Penci Soledad Data Migrator: from n/a through <= 1.3.1. | ||||
| CVE-2026-27071 | 2 Arraytics, Wordpress | 2 Wpcafe, Wordpress | 2026-03-30 | 9.1 Critical |
| Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7. | ||||
| CVE-2026-27073 | 2 Addi, Wordpress | 2 Addi – Cuotas Que Se Adaptan A Ti, Wordpress | 2026-03-30 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4. | ||||
| CVE-2026-27078 | 2 Mikado-themes, Wordpress | 2 Emaurri, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1. | ||||
| CVE-2026-27083 | 2 Themerex, Wordpress | 2 Work & Travel Company, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2. | ||||
| CVE-2026-27084 | 2 Themerex, Wordpress | 2 Buisson, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11. | ||||
| CVE-2026-27088 | 2 G5theme, Wordpress | 2 Darna Framework, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Framework darna-framework allows Reflected XSS.This issue affects Darna Framework: from n/a through <= 2.9. | ||||
| CVE-2026-27095 | 2 Mage-people, Wordpress | 2 Bus Ticket Booking With Seat Reservation, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.6.0. | ||||
| CVE-2026-31913 | 2 Whitebox-studio, Wordpress | 2 Scape, Wordpress | 2026-03-30 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16. | ||||
| CVE-2026-31914 | 2 Hookandhook, Wordpress | 2 Wp Courses Lms, Wordpress | 2026-03-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: from n/a through <= 3.2.26. | ||||
| CVE-2026-31920 | 2 Devteam Haywoodtech, Wordpress | 2 Product Rearrange For Woocommerce, Wordpress | 2026-03-30 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2. | ||||
| CVE-2026-31921 | 2 Devteam Haywoodtech, Wordpress | 2 Product Rearrange For Woocommerce, Wordpress | 2026-03-30 | 8.2 High |
| Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2. | ||||