Export limit exceeded: 24994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344033 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25313 | 2 Shahjahan Jewel, Wordpress | 2 Fluentform, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14. | ||||
| CVE-2026-25311 | 2 10up, Wordpress | 2 Autoshare For Twitter, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1. | ||||
| CVE-2026-25310 | 2 Alobaidi, Wordpress | 2 Extend Link, Wordpress | 2026-04-01 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0. | ||||
| CVE-2026-25308 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9. | ||||
| CVE-2026-25307 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7. | ||||
| CVE-2026-25305 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through <= 9.6.4. | ||||
| CVE-2026-25036 | 2 Wordpress, Wpchill | 2 Wordpress, Passster | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through <= 4.2.25. | ||||
| CVE-2026-25028 | 2 Elementinvader, Wordpress | 2 Elementinvader Addons For Elementor, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.1. | ||||
| CVE-2026-25027 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.7.1. | ||||
| CVE-2026-25024 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9. | ||||
| CVE-2026-25023 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7. | ||||
| CVE-2026-25022 | 2 Iqonic, Wordpress | 2 Kivicare, Wordpress | 2026-04-01 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.16. | ||||
| CVE-2026-25021 | 2 Mizan Themes, Wordpress | 2 Mizan Demo Importer, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mizan Demo Importer: from n/a through <= 0.1.3. | ||||
| CVE-2026-25020 | 2 Wordpress, Wp Connect | 2 Wordpress, Wp Sync For Notion | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0. | ||||
| CVE-2026-25019 | 2 Vito Peleg, Wordpress | 2 Atarim, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.1. | ||||
| CVE-2026-25016 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through <= 1.3.5. | ||||
| CVE-2026-25015 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.53. | ||||
| CVE-2026-25014 | 2 Themelooks, Wordpress | 2 Enter Addons, Wordpress | 2026-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2. | ||||
| CVE-2026-25012 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through <= 1.11.0. | ||||
| CVE-2026-25011 | 2 Northern Beaches Websites, Wordpress | 2 Wp Custom Admin Interface, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41. | ||||