Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341810 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24353 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9. | ||||
| CVE-2026-23978 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1. | ||||
| CVE-2026-23976 | 2 Wordpress, Wpchill | 2 Wordpress, Modula Image Gallery | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4. | ||||
| CVE-2026-23975 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5. | ||||
| CVE-2026-23974 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5. | ||||
| CVE-2026-23805 | 2 Wordpress, Yoren Chang | 2 Wordpress, Media Search Enhanced | 2026-04-01 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1. | ||||
| CVE-2026-23804 | 2 Bbr Plugins, Wordpress | 2 Better Business Reviews, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1. | ||||
| CVE-2026-23803 | 2 Burhan Nasir, Wordpress | 2 Smart Auto Upload Images, Wordpress | 2026-04-01 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2. | ||||
| CVE-2026-23802 | 2 Jordy Meow, Wordpress | 2 Ai-engine, Wordpress | 2026-04-01 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through <= 3.3.2. | ||||
| CVE-2026-23801 | 2 Fuelthemes, Wordpress | 2 The Issue, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through <= 1.6.11. | ||||
| CVE-2026-23799 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5. | ||||
| CVE-2026-23798 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10. | ||||
| CVE-2026-23549 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1. | ||||
| CVE-2026-23547 | 2 Cmsmasters, Wordpress | 2 Cmsmasters Content Composer, Wordpress | 2026-04-01 | 7.1 High |
| Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8. | ||||
| CVE-2026-23546 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-01 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through <= 5.3.4. | ||||
| CVE-2026-23545 | 2 Arubadev, Wordpress | 2 Aruba Hispeed Cache, Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4. | ||||
| CVE-2026-23544 | 2 Codetipi, Wordpress | 2 Valenti, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5. | ||||
| CVE-2026-23543 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Essential Addons For Elementor | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5. | ||||
| CVE-2026-23542 | 2 Themegoods, Wordpress | 2 Grand Restaurant, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10. | ||||
| CVE-2026-23541 | 2 Getwpfunnels, Wordpress | 2 Mail Mint, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4. | ||||