Export limit exceeded: 44844 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1877 | 2 Johnh10, Wordpress | 2 Auto Post Scheduler, Wordpress | 2026-04-01 | 6.1 Medium |
| The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-41356 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2026-04-01 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'host' parameter in '/diagconnect.php' endpoint. | ||||
| CVE-2026-34887 | 2 Extendthemes, Wordpress | 2 Kubio Ai Page Builder, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0. | ||||
| CVE-2025-41357 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2026-04-01 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. It affects 'host' parameter in '/diagdns.php' endpoint. | ||||
| CVE-2026-4146 | 2 Timwhitlock, Wordpress | 2 Loco Translate, Wordpress | 2026-04-01 | 6.1 Medium |
| The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-9497 | 1 Microchip | 1 Timeprovider 4100 | 2026-04-01 | 9.8 Critical |
| Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0. | ||||
| CVE-2026-32462 | 2 Liton Arefin, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-04-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3. | ||||
| CVE-2026-32460 | 2 Themefic, Wordpress | 2 Ultimate Addons For Contact Form 7, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36. | ||||
| CVE-2026-32455 | 2 Realmag777, Wordpress | 2 Mdtf, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5. | ||||
| CVE-2026-32454 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0. | ||||
| CVE-2026-32450 | 2 Realmag777, Wordpress | 2 Active Products Tables For Woocommerce, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7. | ||||
| CVE-2026-32449 | 2 Themifyme, Wordpress | 2 Themify Event Post, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4. | ||||
| CVE-2026-32448 | 2 Eric Teubert, Wordpress | 2 Podlove Podcast Publisher, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3. | ||||
| CVE-2026-32431 | 2 Brainstorm Force, Wordpress | 2 Astra Bulk Edit, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10. | ||||
| CVE-2026-32430 | 2 Ideabox, Wordpress | 2 Powerpack Addons For Elementor, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9. | ||||
| CVE-2026-32429 | 2 Noor Alam, Wordpress | 2 Magical Addons For Elementor, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1. | ||||
| CVE-2026-32424 | 2 Boldgrid, Wordpress | 2 Sprout Clients, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2. | ||||
| CVE-2026-32419 | 2 Fernandobriano, Wordpress | 2 List Category Posts, Wordpress | 2026-04-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through <= 0.93.1. | ||||
| CVE-2026-32411 | 2 Simpma, Wordpress | 2 Embed Calendly, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through <= 4.4. | ||||
| CVE-2026-32403 | 2 Toocheke, Wordpress | 2 Toocheke Companion, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194. | ||||