Export limit exceeded: 347112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347112 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25406 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-28 | 8.1 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4. | ||||
| CVE-2026-25392 | 2 Kaizencoders, Wordpress | 2 Update Urls – Quick And Easy Way To Search Old Links And Replace Them With New Links In Wordpress, Wordpress | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress: from n/a through <= 1.4.3. | ||||
| CVE-2026-25002 | 2 Thimpress, Wordpress | 2 Learnpress – Sepay Payment, Wordpress | 2026-04-28 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0. | ||||
| CVE-2026-24988 | 2 Brian Hogg, Wordpress | 2 The Events Calendar Shortcode & Block, Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1. | ||||
| CVE-2026-24562 | 2 Ryviu, Wordpress | 2 Product Reviews For Woocommerce, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product Reviews for WooCommerce: from n/a through <= 3.1.26. | ||||
| CVE-2026-24539 | 2 Clickdatos, Wordpress | 2 Proteccion De Datos Rgpd, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68. | ||||
| CVE-2026-24526 | 3 Steve Truman, Woocommerce, Wordpress | 3 Email Inquiry & Cart Options For Woocommerce, Woocommerce, Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.5.0. | ||||
| CVE-2026-24386 | 3 Elementinvader, Elementor, Wordpress | 3 Template Kits For Elementor, Elementor, Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4. | ||||
| CVE-2026-24361 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through <= 4.1.9. | ||||
| CVE-2025-69353 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3. | ||||
| CVE-2025-69022 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR Management Lite: from n/a through <= 3.6. | ||||
| CVE-2025-68989 | 2 Renzojohnson, Wordpress | 2 Contact Form 7 Extension For Mailchimp, Wordpress | 2026-04-28 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68. | ||||
| CVE-2025-68987 | 2 Edge-themes, Wordpress | 2 Cinerama, Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion.This issue affects Cinerama: from n/a through <= 2.9. | ||||
| CVE-2025-68990 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9. | ||||
| CVE-2025-68985 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15. | ||||
| CVE-2025-68984 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.39. | ||||
| CVE-2025-68979 | 2 Simplecalendar, Wordpress | 2 Google Calendar Events, Wordpress | 2026-04-28 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through <= 3.5.9. | ||||
| CVE-2025-68974 | 2 Miniorange, Wordpress | 3 Social Login, Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress | 2026-04-28 | 6.6 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0. | ||||
| CVE-2025-68982 | 2 Designthemes, Wordpress | 2 Designthemes Lms, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6. | ||||
| CVE-2025-68975 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3. | ||||