Export limit exceeded: 361449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40799 | 2 Replywp, Wordpress | 2 Simple Cloudfare Turnstile, Wordpress | 2026-06-26 | 5.8 Medium |
| Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions. | ||||
| CVE-2026-42668 | 2 Omnisend, Wordpress | 2 Email Marketing For Woocommerce, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions. | ||||
| CVE-2026-42686 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-06-26 | 7.1 High |
| Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions. | ||||
| CVE-2026-42687 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. | ||||
| CVE-2026-42743 | 2 Themegrill, Wordpress | 2 Masteriyo, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions. | ||||
| CVE-2026-45437 | 2 Brthumar1959, Wordpress | 2 Product Filter Widget For Elementor, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. | ||||
| CVE-2026-45441 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. | ||||
| CVE-2026-48878 | 2 Bootstrapped, Wordpress | 2 Visual Link Preview, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. | ||||
| CVE-2026-49043 | 2 Wordpress, Wpengine | 2 Wordpress, Wp Migrate | 2026-06-26 | 4.7 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions. | ||||
| CVE-2026-49078 | 2 Wordpress, Wptravelengine | 2 Wordpress, Wp Travel Engine | 2026-06-26 | 7.5 High |
| Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. | ||||
| CVE-2026-49104 | 2 Crm Perks, Wordpress | 2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. | ||||
| CVE-2026-49109 | 2 Crmperks, Wordpress | 2 Integration For Salesforce And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | ||||
| CVE-2026-49766 | 2 Wordpress, Wpusermanager | 2 Wordpress, Wp User Manager | 2026-06-26 | 9.9 Critical |
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||||
| CVE-2026-49770 | 2 Wordpress, Wptravelengine | 2 Wordpress, Wp Travel Engine | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | ||||
| CVE-2026-49775 | 2 Welcart, Wordpress | 2 Welcart E-commerce, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | ||||
| CVE-2026-49776 | 2 John-dagelmore, Wordpress | 2 Gptranslate – Multilingual Ai Translation For Wordpress: Automatically Translate Websites, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | ||||
| CVE-2026-52703 | 2 Ninjateam, Wordpress | 2 Fastdup, Wordpress | 2026-06-26 | 9.6 Critical |
| Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | ||||
| CVE-2026-52714 | 2 Squirrly, Wordpress | 2 Seo Plugin By Squirrly Seo, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | ||||
| CVE-2026-49772 | 2 Stellarwp, Wordpress | 2 The Events Calendar, Wordpress | 2026-06-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | ||||
| CVE-2026-35318 | 2 Oracle, Orcacle | 2 Webcenter Sites, Webcenter Sites | 2026-06-26 | 8.8 High |
| Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||