Export limit exceeded: 341846 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341846 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341846 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23545 | 2 Arubadev, Wordpress | 2 Aruba Hispeed Cache, Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4. | ||||
| CVE-2026-23544 | 2 Codetipi, Wordpress | 2 Valenti, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5. | ||||
| CVE-2026-23543 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Essential Addons For Elementor | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5. | ||||
| CVE-2026-23542 | 2 Themegoods, Wordpress | 2 Grand Restaurant, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10. | ||||
| CVE-2026-23541 | 2 Getwpfunnels, Wordpress | 2 Mail Mint, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4. | ||||
| CVE-2026-22501 | 2 Axiomthemes, Wordpress | 2 Mounthood, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2. | ||||
| CVE-2026-22497 | 2 Ancorathemes, Wordpress | 2 Jardi, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2. | ||||
| CVE-2026-22483 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12. | ||||
| CVE-2026-22482 | 2 Wbolt, Wordpress | 2 Imgspider, Wordpress | 2026-04-01 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12. | ||||
| CVE-2026-22481 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1. | ||||
| CVE-2026-22478 | 2 Elated Themes, Wordpress | 2 Findall, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affects FindAll: from n/a through <= 1.4. | ||||
| CVE-2026-22477 | 2 Ancorathemes, Wordpress | 2 Felizia, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects Felizia: from n/a through <= 1.3.4. | ||||
| CVE-2026-22476 | 2 Elated-themes, Wordpress | 2 Etchy, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Etchy etchy allows PHP Local File Inclusion.This issue affects Etchy: from n/a through <= 1.0. | ||||
| CVE-2026-22475 | 2 Axiomthemes, Wordpress | 2 Estate, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4. | ||||
| CVE-2026-22474 | 2 Themerex, Wordpress | 2 Equestrian Centre, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5. | ||||
| CVE-2026-22473 | 2 Designthemes, Wordpress | 2 Dental Clinic, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7. | ||||
| CVE-2026-22472 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6. | ||||
| CVE-2026-22471 | 2 Maximsecudeal, Wordpress | 2 Secudeal Payments For Ecommerce, Wordpress | 2026-04-01 | 8.6 High |
| Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1. | ||||
| CVE-2026-22470 | 2 Firestorm Plugins, Wordpress | 2 Firestorm Professional Real Estate, Wordpress | 2026-04-01 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11. | ||||
| CVE-2026-22469 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2. | ||||