Search
Search Results (360125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69332 | 2 Mycred, Wordpress | 2 Bookify, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Bookify <= 1.1.1 versions. | ||||
| CVE-2026-25425 | 2 Themegrill, Wordpress | 2 User Registration, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. | ||||
| CVE-2026-34898 | 2 Wordpress, Wp Swings | 2 Wordpress, Event Tickets Manager For Woocommerce | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions. | ||||
| CVE-2026-34901 | 2 Paul, Wordpress | 2 Icontrolwp, Wordpress | 2026-06-23 | 9.8 Critical |
| Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. | ||||
| CVE-2026-39441 | 2 Naked Cat Plugins (by Webdados), Wordpress | 2 Feed Kuantokusta For Woocommerce – Free, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions. | ||||
| CVE-2026-39468 | 2 Elightup, Wordpress | 2 Meta Box – Wordpress Custom Fields Framework, Wordpress | 2026-06-23 | 6.8 Medium |
| Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions. | ||||
| CVE-2026-39492 | 2 Flipper Code – Wordpress Development Company, Wordpress | 2 Wp Maps, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions. | ||||
| CVE-2026-39498 | 2 Wordpress, Yeeaddons | 2 Wordpress, Yaymail | 2026-06-23 | 7.2 High |
| Shop manager PHP Object Injection in YayMail <= 4.3.3 versions. | ||||
| CVE-2026-39507 | 2 Themeisle, Wordpress | 2 Social Slider Feed, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. | ||||
| CVE-2026-39511 | 2 Jacob N. Breetvelt, Wordpress | 2 Wp Photo Album Plus, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions. | ||||
| CVE-2026-39519 | 2 Ahmad, Wordpress | 2 Geekybot, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. | ||||
| CVE-2026-39525 | 2 Booking Activities Team, Wordpress | 2 Booking Activities, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions. | ||||
| CVE-2026-39527 | 2 Sc Internet Vivoo, Wordpress | 2 Wpstream, Wordpress | 2026-06-23 | 5.4 Medium |
| Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions. | ||||
| CVE-2026-39530 | 2 Speakout!, Wordpress | 2 Speakout! Email Petitions, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions. | ||||
| CVE-2026-39540 | 2 Amit Mittal, Wordpress | 2 Shipment Tracker For Woocommerce, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions. | ||||
| CVE-2026-39587 | 2 Hakan Ozevin, Wordpress | 2 Wp Base Booking, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | ||||
| CVE-2026-39591 | 2 Cmsjunkie – Wordpress Business Directory Plugins, Wordpress | 2 Wp-businessdirectory, Wordpress | 2026-06-23 | 9.9 Critical |
| Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | ||||
| CVE-2026-39594 | 2 Themefic, Wordpress | 2 Ultra Addons For Wpforms, Wordpress | 2026-06-23 | 6.4 Medium |
| Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. | ||||
| CVE-2026-40741 | 2 Jose Conti, Wordpress | 2 Redsys For Woocommerce Light, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | ||||
| CVE-2026-40769 | 2 Satinder Singh, Wordpress | 2 Contact Form Extender For Divi – Save Entries, File Upload & Country Code Field, Wordpress | 2026-06-23 | 8.6 High |
| Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions. | ||||