Export limit exceeded: 355296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14353 | 2 Presstigers, Wordpress | 2 Zip Code Based Content Protection, Wordpress | 2026-04-22 | 7.5 High |
| The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-1321 | 2 Stellarwp, Wordpress | 2 Membership Plugin - Restrict Content, Wordpress | 2026-04-22 | 8.1 High |
| The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18. | ||||
| CVE-2026-2589 | 2 Wordpress, Wpsoul | 2 Wordpress, Greenshift – Animation And Page Builder Blocks | 2026-04-22 | 5.3 Medium |
| The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys. | ||||
| CVE-2026-28025 | 2 Themerex, Wordpress | 2 Stargaze, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Stargaze stargaze allows PHP Local File Inclusion.This issue affects Stargaze: from n/a through <= 1.5. | ||||
| CVE-2026-28027 | 2 Themerex, Wordpress | 2 Kayon, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kayon kayon allows PHP Local File Inclusion.This issue affects Kayon: from n/a through <= 1.3. | ||||
| CVE-2026-28028 | 2 Themerex, Wordpress | 2 Moneyflow, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MoneyFlow moneyflow allows PHP Local File Inclusion.This issue affects MoneyFlow: from n/a through <= 1.0. | ||||
| CVE-2026-28029 | 2 Themerex, Wordpress | 2 Emojination, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX EmojiNation emojination allows PHP Local File Inclusion.This issue affects EmojiNation: from n/a through <= 1.0.12. | ||||
| CVE-2026-28030 | 2 Themerex, Wordpress | 2 Bonbon, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through <= 1.6. | ||||
| CVE-2026-28032 | 2 Themerex, Wordpress | 2 Tuning, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tuning tuning allows PHP Local File Inclusion.This issue affects Tuning: from n/a through <= 1.3. | ||||
| CVE-2026-28033 | 2 Themerex, Wordpress | 2 Edifice, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Edifice edifice allows PHP Local File Inclusion.This issue affects Edifice: from n/a through <= 1.8. | ||||
| CVE-2026-28035 | 2 Themerex, Wordpress | 2 Printy, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Printy printy allows PHP Local File Inclusion.This issue affects Printy: from n/a through <= 1.8. | ||||
| CVE-2026-28041 | 2 Ancorathemes, Wordpress | 2 Grit, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit: from n/a through <= 1.0.1. | ||||
| CVE-2026-28043 | 2 Themerex, Wordpress | 2 Healer - Doctor, Clinic & Medical Wordpress Theme, Wordpress | 2026-04-22 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical WordPress Theme: from n/a through <= 1.0.0. | ||||
| CVE-2026-28047 | 2 Magentech, Wordpress | 2 Victo, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through <= 1.4.16. | ||||
| CVE-2026-28050 | 2 Themerex, Wordpress | 2 Beacon, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion.This issue affects Beacon: from n/a through <= 2.24. | ||||
| CVE-2026-28051 | 2 Themerex, Wordpress | 2 Yacht Rental, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion.This issue affects Yacht Rental: from n/a through <= 2.6. | ||||
| CVE-2026-28055 | 2 Themerex, Wordpress | 2 M.williamson, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX M.Williamson williamson allows PHP Local File Inclusion.This issue affects M.Williamson: from n/a through <= 1.2.11. | ||||
| CVE-2026-28056 | 2 Themerex, Wordpress | 2 Mckinney's Politics, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion.This issue affects MCKinney's Politics: from n/a through <= 1.2.8. | ||||
| CVE-2026-28057 | 2 Themerex, Wordpress | 2 Mandala, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mandala mandala allows PHP Local File Inclusion.This issue affects Mandala: from n/a through <= 2.8. | ||||
| CVE-2026-28059 | 2 Themerex, Wordpress | 2 Dermatology Clinic, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through <= 1.4.3. | ||||