Export limit exceeded: 343974 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343974 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39608 | 2 Ipospays, Wordpress | 2 Ipospays Gateways Wc, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7. | ||||
| CVE-2026-39610 | 2 Pankaj Kumar, Wordpress | 2 Wpxmas-snow, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1. | ||||
| CVE-2026-39624 | 2 Kutethemes, Wordpress | 2 Biolife, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3. | ||||
| CVE-2026-39626 | 2 Kutethemes, Wordpress | 2 Armania, Wordpress | 2026-04-08 | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | ||||
| CVE-2026-39630 | 2 Getty Images, Wordpress | 2 Getty Images, Wordpress | 2026-04-08 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0. | ||||
| CVE-2026-39640 | 2 Mndpsingh287, Wordpress | 2 Theme Editor, Wordpress | 2026-04-08 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2. | ||||
| CVE-2026-39663 | 2 Themetechmount, Wordpress | 2 Truebooker, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5. | ||||
| CVE-2026-39673 | 2 Shrikantkale, Wordpress | 2 Izooto, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20. | ||||
| CVE-2026-39675 | 2 Webmuehle, Wordpress | 2 Court Reservation, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11. | ||||
| CVE-2026-39488 | 2 Surecart, Wordpress | 2 Surecart, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | ||||
| CVE-2026-39544 | 2 Themestek, Wordpress | 2 Labtechco, Wordpress | 2026-04-08 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3. | ||||
| CVE-2026-39632 | 2 Themegoods, Wordpress | 2 Grand Blog, Wordpress | 2026-04-08 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1. | ||||
| CVE-2026-39658 | 2 Coding Panda, Wordpress | 2 Panda Pods Repeater Field, Wordpress | 2026-04-08 | N/A |
| Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12. | ||||
| CVE-2026-4299 | 2 Mainwp, Wordpress | 2 Mainwp Child Reports, Wordpress | 2026-04-08 | 5.3 Medium |
| The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeat_received() function in the Live_Update class. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain MainWP Child Reports activity log entries (including action summaries, user information, IP addresses, and contextual data) via the WordPress Heartbeat API by sending a crafted heartbeat request with the 'wp-mainwp-stream-heartbeat' data key. | ||||
| CVE-2026-39484 | 2 John Darrel, Wordpress | 2 Hide My Wp Ghost, Wordpress | 2026-04-08 | N/A |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00. | ||||
| CVE-2026-39542 | 2 Doofinder, Wordpress | 2 Doofinder For Woocommerce, Wordpress | 2026-04-08 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13. | ||||
| CVE-2026-39564 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2026-04-08 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2. | ||||
| CVE-2026-39570 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-08 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9. | ||||
| CVE-2026-39571 | 2 Themefic, Wordpress | 2 Instantio, Wordpress | 2026-04-08 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30. | ||||
| CVE-2026-39638 | 2 Themeum, Wordpress | 2 Qubely, Wordpress | 2026-04-08 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14. | ||||