Export limit exceeded: 340856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 340856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340856 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32441 | 2 Webtoffee, Wordpress | 2 Wordpress Comments Import And Export, Wordpress | 2026-03-27 | 7.7 High |
| Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9. | ||||
| CVE-2026-32482 | 2 Deothemes, Wordpress | 2 Ona, Wordpress | 2026-03-27 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24. | ||||
| CVE-2026-32483 | 2 Codepeople, Wordpress | 2 Contact Form Email, Wordpress | 2026-03-27 | 6.5 Medium |
| Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63. | ||||
| CVE-2026-32484 | 2 Boldgrid, Wordpress | 2 Weforms, Wordpress | 2026-03-27 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. | ||||
| CVE-2026-32485 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2026-03-27 | 7.5 High |
| Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8. | ||||
| CVE-2026-32488 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration | 2026-03-27 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9. | ||||
| CVE-2026-32489 | 2 Bplugins, Wordpress | 2 B Blocks, Wordpress | 2026-03-27 | 6.5 Medium |
| Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30. | ||||
| CVE-2026-32492 | 2 Joe Dolson, Wordpress | 2 My Tickets, Wordpress | 2026-03-27 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1. | ||||
| CVE-2026-32495 | 2 Linksoftwarellc, Wordpress | 2 Wp Terms Popup, Wordpress | 2026-03-27 | 7.5 High |
| Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0. | ||||
| CVE-2026-32496 | 2 Nysl, Wordpress | 2 Spam Protect For Contact Form 7, Wordpress | 2026-03-27 | 6.7 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through <= 1.2.9. | ||||
| CVE-2026-32497 | 2 Pickplugins, Wordpress | 2 User Verification, Wordpress | 2026-03-27 | 5.3 Medium |
| Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45. | ||||
| CVE-2026-32498 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-03-27 | 7.5 High |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | ||||
| CVE-2026-32499 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-03-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9. | ||||
| CVE-2026-32500 | 2 Creativews, Wordpress | 2 Metamax, Wordpress | 2026-03-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through <= 1.1.4. | ||||
| CVE-2026-32501 | 2 Wordpress, Wp-configurator | 2 Wordpress, Wp Configurator Pro | 2026-03-27 | 7.1 High |
| Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through <= 3.7.9. | ||||
| CVE-2026-32502 | 2 Select-themes, Wordpress | 2 Borgholm, Wordpress | 2026-03-27 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6. | ||||
| CVE-2026-32503 | 2 Creativews, Wordpress | 2 Trendustry, Wordpress | 2026-03-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through <= 1.1.4. | ||||
| CVE-2026-32504 | 2 Creativews, Wordpress | 2 Vintwood, Wordpress | 2026-03-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8. | ||||
| CVE-2026-32505 | 2 Creativews, Wordpress | 2 Kiddy, Wordpress | 2026-03-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through <= 2.0.8. | ||||
| CVE-2026-32506 | 2 Edge-themes, Wordpress | 2 Archicon, Wordpress | 2026-03-27 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7. | ||||