Export limit exceeded: 354833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (354833 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22453 | 2 Themerex, Wordpress | 2 Pets Club, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <= 2.3. | ||||
| CVE-2026-22454 | 2 Themerex, Wordpress | 2 Solaris, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through <= 2.5. | ||||
| CVE-2026-22457 | 2 Mikado-themes, Wordpress | 2 Wanderland, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.5. | ||||
| CVE-2026-22465 | 2 Seventhqueen, Wordpress | 2 Buddyapp, Wordpress | 2026-04-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen BuddyApp buddyapp allows Reflected XSS.This issue affects BuddyApp: from n/a through <= 1.9.2. | ||||
| CVE-2026-22467 | 2 Mwtemplates, Wordpress | 2 Deepdigital, Wordpress | 2026-04-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS.This issue affects DeepDigital: from n/a through <= 1.0.2. | ||||
| CVE-2026-22473 | 2 Designthemes, Wordpress | 2 Dental Clinic, Wordpress | 2026-04-22 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7. | ||||
| CVE-2026-22474 | 2 Themerex, Wordpress | 2 Equestrian Centre, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5. | ||||
| CVE-2026-22475 | 2 Axiomthemes, Wordpress | 2 Estate, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4. | ||||
| CVE-2026-22497 | 2 Ancorathemes, Wordpress | 2 Jardi, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2. | ||||
| CVE-2026-22501 | 2 Axiomthemes, Wordpress | 2 Mounthood, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2. | ||||
| CVE-2026-23546 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-22 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through <= 5.3.4. | ||||
| CVE-2026-2365 | 2 Techjewel, Wordpress | 2 Fluent Forms Pro Add On Pack, Wordpress | 2026-04-22 | 7.2 High |
| The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce verification, combined with insufficient input sanitization and output escaping of form field data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator views a partial form entry. | ||||
| CVE-2026-23798 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-04-22 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10. | ||||
| CVE-2026-23801 | 2 Fuelthemes, Wordpress | 2 The Issue, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through <= 1.6.11. | ||||
| CVE-2026-23802 | 2 Jordy Meow, Wordpress | 2 Ai-engine, Wordpress | 2026-04-22 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through <= 3.3.2. | ||||
| CVE-2026-24385 | 2 Gerritvanaaken, Wordpress | 2 Podlove Web Player, Wordpress | 2026-04-22 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1. | ||||
| CVE-2026-24963 | 2 Ameliabooking, Wordpress | 2 Amelia, Wordpress | 2026-04-22 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through <= 1.2.38. | ||||
| CVE-2026-27097 | 2 Ancorathemes, Wordpress | 2 Casamia | Property Rental Real Estate Wordpress Theme, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Theme: from n/a through <= 1.1.2. | ||||
| CVE-2026-27326 | 2 Axiomthemes, Wordpress | 2 Ac Services | Hvac, Air Conditioning & Heating Company Wordpress Theme, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme: from n/a through <= 1.2.5. | ||||
| CVE-2026-27336 | 2 Ancorathemes, Wordpress | 2 Consultor | Consulting, Accounting & Legal Counsel Wordpress Theme, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Theme consultor allows PHP Local File Inclusion.This issue affects Consultor | Consulting, Accounting & Legal Counsel WordPress Theme: from n/a through <= 1.2.4. | ||||