Export limit exceeded: 347145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39628 | 2 Kutethemes, Wordpress | 2 Dukamarket, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <= 1.3.0. | ||||
| CVE-2026-39611 | 2 Kutethemes, Wordpress | 2 Kuteshop, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through <= 4.2.9. | ||||
| CVE-2026-39614 | 2 Ilghera, Wordpress | 2 Jw Player For Wordpress, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6. | ||||
| CVE-2026-39615 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53. | ||||
| CVE-2026-39616 | 2 Dfactory, Wordpress | 2 Download Attachments, Wordpress | 2026-04-24 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0. | ||||
| CVE-2026-39625 | 2 Kutethemes, Wordpress | 2 Techone, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3. | ||||
| CVE-2026-39627 | 2 Wordpress, Wproyal | 2 Wordpress, Ashe | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266. | ||||
| CVE-2026-39649 | 2 Themebeez, Wordpress | 2 Royale News, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4. | ||||
| CVE-2026-39652 | 2 Igms, Wordpress | 2 Igms Direct Booking, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through <= 1.3. | ||||
| CVE-2026-39638 | 2 Themeum, Wordpress | 2 Qubely, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14. | ||||
| CVE-2026-39651 | 2 Totalsuite, Wordpress | 2 Total Poll Lite, Wordpress | 2026-04-24 | 6.3 Medium |
| Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through <= 4.12.0. | ||||
| CVE-2026-39636 | 2 Livemesh, Wordpress | 2 Livemesh Addons For Elementor, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0. | ||||
| CVE-2026-39650 | 2 Unitech Web, Wordpress | 2 Unitechpay, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2. | ||||
| CVE-2026-39629 | 2 Kutethemes, Wordpress | 2 Uminex, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | ||||
| CVE-2026-39631 | 2 Ronik@unlimitedwp, Wordpress | 2 Wpschoolpress, Wordpress | 2026-04-24 | 4.9 Medium |
| Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35. | ||||
| CVE-2026-39641 | 2 Skywarrior, Wordpress | 2 Blackfyre, Wordpress | 2026-04-24 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4. | ||||
| CVE-2026-39647 | 2 Sonaar, Wordpress | 2 Mp3 Audio Player For Music, Radio & Podcast, Wordpress | 2026-04-24 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11. | ||||
| CVE-2026-39648 | 2 Themebeez, Wordpress | 2 Cream Blog, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7. | ||||
| CVE-2026-39653 | 2 Imdpen, Wordpress | 2 Video Conferencing With Zoom, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6. | ||||
| CVE-2026-39654 | 2 Ashish Ajani, Wordpress | 2 Wp Simple Html Sitemap, Wordpress | 2026-04-24 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.8. | ||||