Export limit exceeded: 347351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347351 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39517 | 2 Awplife, Wordpress | 2 Blog Filter, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6. | ||||
| CVE-2026-39521 | 2 Nelio Software, Wordpress | 2 Nelio Content, Wordpress | 2026-04-24 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1. | ||||
| CVE-2026-39526 | 2 Wordpress, Wpstream | 2 Wordpress, Wpstream | 2026-04-24 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2. | ||||
| CVE-2026-39466 | 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform | 2 Wordpress, Broken Link Checker | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7. | ||||
| CVE-2026-34896 | 2 Analytify, Wordpress | 2 Under Construction, Coming Soon & Maintenance Mode, Wordpress | 2026-04-24 | 7.5 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1. | ||||
| CVE-2026-34897 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through 3.34. | ||||
| CVE-2026-34903 | 2 Oceanwp, Wordpress | 2 Ocean Extra, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3. | ||||
| CVE-2026-39479 | 2 Brainstorm Force, Wordpress | 2 Ottokit, Wordpress | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through <= 1.1.20. | ||||
| CVE-2026-39483 | 2 Hidekazu Ishikawa, Wordpress | 2 Vk All In One Expansion Unit, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3. | ||||
| CVE-2026-39564 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2. | ||||
| CVE-2026-39544 | 2 Themestek, Wordpress | 2 Labtechco, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3. | ||||
| CVE-2026-39536 | 2 Wordpress, Wpchill | 2 Wordpress, Rsvp And Event Management | 2026-04-24 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16. | ||||
| CVE-2026-39543 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4. | ||||
| CVE-2026-39562 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10. | ||||
| CVE-2026-39569 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9. | ||||
| CVE-2026-39570 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9. | ||||
| CVE-2026-39571 | 2 Themefic, Wordpress | 2 Instantio, Wordpress | 2026-04-24 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30. | ||||
| CVE-2026-39575 | 2 Ronald Huereca, Wordpress | 2 Custom Query Blocks, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0. | ||||
| CVE-2026-39586 | 2 Ateeq Rafeeq, Wordpress | 2 Repairbuddy, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132. | ||||
| CVE-2026-39588 | 2 Nmerii, Wordpress | 2 Nm Gift Registry And Wishlist Lite, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13. | ||||