Export limit exceeded: 343527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39592 | 2 Andy Ha, Wordpress | 2 Depart, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through <= 1.0.7. | ||||
| CVE-2026-39602 | 2 Rustaurius, Wordpress | 2 Order Tracking, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3. | ||||
| CVE-2026-39607 | 2 Wordpress, Wpbens | 2 Wordpress, Filter Plus | 2026-04-08 | N/A |
| Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17. | ||||
| CVE-2026-39608 | 2 Ipospays, Wordpress | 2 Ipospays Gateways Wc, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7. | ||||
| CVE-2026-39614 | 2 Ilghera, Wordpress | 2 Jw Player For Wordpress, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6. | ||||
| CVE-2026-39616 | 2 Dfactory, Wordpress | 2 Download Attachments, Wordpress | 2026-04-08 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0. | ||||
| CVE-2026-39618 | 2 Themearile, Wordpress | 2 Newsexo, Wordpress | 2026-04-08 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1. | ||||
| CVE-2026-39620 | 2 Priyanshumittal, Wordpress | 2 Appointment, Wordpress | 2026-04-08 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5. | ||||
| CVE-2026-39623 | 2 Kutethemes, Wordpress | 2 Biolife, Wordpress | 2026-04-08 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects Biolife: from n/a through <= 3.2.3. | ||||
| CVE-2026-39625 | 2 Kutethemes, Wordpress | 2 Techone, Wordpress | 2026-04-08 | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3. | ||||
| CVE-2026-39629 | 2 Kutethemes, Wordpress | 2 Uminex, Wordpress | 2026-04-08 | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | ||||
| CVE-2026-39632 | 2 Themegoods, Wordpress | 2 Grand Blog, Wordpress | 2026-04-08 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1. | ||||
| CVE-2026-39638 | 2 Themeum, Wordpress | 2 Qubely, Wordpress | 2026-04-08 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14. | ||||
| CVE-2026-39639 | 2 Redpixelstudios, Wordpress | 2 Rps Include Content, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through <= 1.2.2. | ||||
| CVE-2026-39646 | 2 Bozdoz, Wordpress | 2 Leaflet Map, Wordpress | 2026-04-08 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4. | ||||
| CVE-2026-39650 | 2 Unitech Web, Wordpress | 2 Unitechpay, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2. | ||||
| CVE-2026-39658 | 2 Coding Panda, Wordpress | 2 Panda Pods Repeater Field, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12. | ||||
| CVE-2026-39663 | 2 Themetechmount, Wordpress | 2 Truebooker, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5. | ||||
| CVE-2026-39667 | 2 Jongmyoung Kim, Wordpress | 2 Korea Sns, Wordpress | 2026-04-08 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0. | ||||
| CVE-2026-1163 | 1 Parisneo | 2 Lollms, Parisneo/lollms | 2026-04-08 | N/A |
| An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject requests after a period of inactivity and the excessively long default session duration of 31 days. The vulnerability enables an attacker to maintain persistent access to a compromised account, even after the victim resets their password. | ||||