Export limit exceeded: 341449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22523 | 2 Themepassion, Wordpress | 2 Ultra Wordpress Admin, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through <= 11.7. | ||||
| CVE-2025-69347 | 2 Convers Lab, Wordpress | 2 Wpsubscription, Wordpress | 2026-03-30 | 8.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10. | ||||
| CVE-2026-22480 | 2 Webtoffee, Wordpress | 2 Product Feed For Woocommerce, Wordpress | 2026-03-30 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3. | ||||
| CVE-2026-22505 | 2 Ancorathemes, Wordpress | 2 Morning Records, Wordpress | 2026-03-30 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2. | ||||
| CVE-2026-22485 | 2 Ruhul080, Wordpress | 2 My Album Gallery, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through <= 1.0.4. | ||||
| CVE-2026-22507 | 2 Ancorathemes, Wordpress | 2 Beelove, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6. | ||||
| CVE-2026-22510 | 2 Ancorathemes, Wordpress | 2 Melody, Wordpress | 2026-03-30 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3. | ||||
| CVE-2026-24364 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5. | ||||
| CVE-2026-22498 | 2 Elated-themes, Wordpress | 2 Laurent, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1. | ||||
| CVE-2026-22515 | 2 Ancorathemes, Wordpress | 2 Vegadays, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0. | ||||
| CVE-2026-32524 | 2 Jordy Meow, Wordpress | 2 Photo Engine, Wordpress | 2026-03-30 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9. | ||||
| CVE-2026-25317 | 2 Tychesoftwares, Wordpress | 2 Print Invoice & Delivery Notes For Woocommerce, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.9.0. | ||||
| CVE-2026-25456 | 2 Aarsiv Groups, Wordpress | 2 Automated Fedex Live/manual Rates With Shipping Labels, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1.8. | ||||
| CVE-2026-27071 | 2 Arraytics, Wordpress | 2 Wpcafe, Wordpress | 2026-03-30 | 9.1 Critical |
| Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7. | ||||
| CVE-2026-32498 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | ||||
| CVE-2026-24971 | 2 Elated-themes, Wordpress | 2 Search And Go Theme, Wordpress | 2026-03-30 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8. | ||||
| CVE-2026-25390 | 2 Saad Iqbal, Wordpress | 2 New User Approve, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.3. | ||||
| CVE-2026-25406 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-03-30 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4. | ||||
| CVE-2026-27075 | 2 Mikado-themes, Wordpress | 2 Belfort, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0. | ||||
| CVE-2026-32482 | 2 Deothemes, Wordpress | 2 Ona, Wordpress | 2026-03-30 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24. | ||||