Search Results (85518 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-27089 2 Magepeople, Wordpress 2 Wptravelly, Wordpress 2026-06-16 7.5 High
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
CVE-2026-39490 2 Artbees, Wordpress 2 Jupiter X Core, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
CVE-2026-39581 2 Activity-log.com, Wordpress 2 Wp Sessions Time Monitoring Full Automatic, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
CVE-2026-48885 2 Groundhogg, Wordpress 2 Hollerbox, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
CVE-2026-48882 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
CVE-2026-49056 2 Webtoffee, Wordpress 2 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
CVE-2026-49068 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-06-16 7.5 High
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
CVE-2026-49083 2 Latepoint, Wordpress 2 Latepoint, Wordpress 2026-06-16 7.5 High
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
CVE-2016-20075 2 Etoilewebdesign, Wordpress 2 Ultimate Product Catalog, Wordpress 2026-06-16 8.8 High
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.
CVE-2026-48964 2 Elextensions, Wordpress 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
CVE-2026-48970 2 Really-simple-plugins, Wordpress 2 Really Simple Ssl, Wordpress 2026-06-16 8.1 High
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
CVE-2026-49065 2 Hippooo, Wordpress 2 Hippoo Mobile App For Woocommerce, Wordpress 2026-06-16 8.2 High
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
CVE-2026-52697 2 Taskbuilder, Wordpress 2 Taskbuilder, Wordpress 2026-06-16 8.5 High
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
CVE-2026-34886 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
CVE-2026-40781 2 Reviewx, Wordpress 2 Reviewx, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
CVE-2026-40787 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
CVE-2026-40788 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-06-16 7.1 High
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
CVE-2026-40791 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-42658 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42667 2 Bookly, Wordpress 2 Bookly, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.