Export limit exceeded: 346623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346623 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25361 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through <= 5.1.4. | ||||
| CVE-2026-4615 | 1 Sourcecodester | 1 Online Catering Reservation | 2026-04-24 | 7.3 High |
| A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2025-10734 | 2 Reviewx, Wordpress | 2 Reviewx – Multi-criteria Reviews For Woocommerce With Google Reviews & Schema, Wordpress | 2026-04-24 | 5.3 Medium |
| The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated attackers to extract sensitive data including user names, emails, phone numbers, addresses. | ||||
| CVE-2026-4540 | 1 Projectworlds | 1 Online Notes Sharing Platform | 2026-04-24 | 7.3 High |
| A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4562 | 1 Maccms | 1 Maccms | 2026-04-24 | 7.3 High |
| A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4582 | 1 Shenzhen Hcc Technology | 1 Mpos M6 Plus | 2026-04-24 | 5 Medium |
| A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attacks of this nature are highly complex. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-69347 | 2 Convers Lab, Wordpress | 2 Wpsubscription, Wordpress | 2026-04-24 | 8.6 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10. | ||||
| CVE-2025-69358 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0. | ||||
| CVE-2026-22499 | 2 Elated-themes, Wordpress | 2 Lella, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella lella allows PHP Local File Inclusion.This issue affects Lella: from n/a through <= 1.2. | ||||
| CVE-2026-22500 | 2 Axiomthemes, Wordpress | 2 M2 | Construction And Tools Store, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2. | ||||
| CVE-2026-22503 | 2 Themerex, Wordpress | 2 Nelson, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0. | ||||
| CVE-2026-22504 | 2 Themerex, Wordpress | 2 Prolingua, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12. | ||||
| CVE-2026-22515 | 2 Ancorathemes, Wordpress | 2 Vegadays, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0. | ||||
| CVE-2026-23971 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-24 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8. | ||||
| CVE-2026-23973 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5. | ||||
| CVE-2026-23979 | 2 Softwebmedia, Wordpress | 2 Gyan Elements, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through <= 2.2.1. | ||||
| CVE-2026-24362 | 2 Bdthemes, Wordpress | 2 Ultimate Post Kit, Wordpress | 2026-04-24 | 6.4 Medium |
| Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21. | ||||
| CVE-2026-24369 | 2 Theme-one, Wordpress | 2 The Grid, Wordpress | 2026-04-24 | 7.1 High |
| Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | ||||
| CVE-2026-24370 | 2 Theme-one, Wordpress | 2 The Grid, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8.0. | ||||
| CVE-2026-24972 | 2 Elated-themes, Wordpress | 2 Elated Listing, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through <= 1.4. | ||||