Search Results (341376 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27087 | 2 G5theme, Wordpress | 2 Wolverine Framework, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS. This issue affects Wolverine Framework: from n/a through <= 1.9. | ||||
| CVE-2026-27095 | 2 Mage-people, Wordpress | 2 Bus Ticket Booking With Seat Reservation, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.6.0. | ||||
| CVE-2026-32491 | 2 Jgwhite33, Wordpress | 2 Wp Review Slider, Wordpress | 2026-03-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS. This issue affects WP Review Slider: from n/a through <= 13.9. | ||||
| CVE-2026-32492 | 2 Joe Dolson, Wordpress | 2 My Tickets, Wordpress | 2026-03-30 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing. This issue affects My Tickets: from n/a through <= 2.1.1. | ||||
| CVE-2026-32494 | 2 Ays-pro, Wordpress | 2 Image Slider, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | ||||
| CVE-2026-32500 | 2 Creativews, Wordpress | 2 Metamax, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion. This issue affects MetaMax: from n/a through <= 1.1.4. | ||||
| CVE-2026-32511 | 2 Mikado-themes, Wordpress | 2 Stål, Wordpress | 2026-03-30 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection. This issue affects Stål: from n/a through < 1.7. | ||||
| CVE-2026-32515 | 2 Kamleshyadav, Wordpress | 2 Miraculous, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous: from n/a through < 2.1.2. | ||||
| CVE-2026-32520 | 2 Andrew Munro / Affiliatewp, Wordpress | 2 Rewardswp, Wordpress | 2026-03-30 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation. This issue affects RewardsWP: from n/a through <= 1.0.4. | ||||
| CVE-2026-32521 | 2 Northern Beaches Websites, Wordpress | 2 Wp Custom Admin Interface, Wordpress | 2026-03-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS. This issue affects WP Custom Admin Interface: from n/a through <= 7.42. | ||||
| CVE-2026-32526 | 2 Villatheme, Wordpress | 2 Abandoned Cart Recovery For Woocommerce, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS. This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.10. | ||||
| CVE-2026-32537 | 2 Visualportfolio, Wordpress | 2 Visual Portfolio, Photo Gallery & Post Grid, Wordpress | 2026-03-30 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through <= 3.5.1. | ||||
| CVE-2026-32538 | 2 Noor Alam, Wordpress | 2 Smtp Mailer, Wordpress | 2026-03-30 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data. This issue affects SMTP Mailer: from n/a through <= 1.1.24. | ||||
| CVE-2026-32539 | 2 Publishpress, Wordpress | 2 Publishpress Revisions, Wordpress | 2026-03-30 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection. This issue affects PublishPress Revisions: from n/a through <= 3.7.23. | ||||
| CVE-2026-32545 | 2 Taboola, Wordpress | 2 Taboola Pixel, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS. This issue affects Taboola Pixel: from n/a through <= 1.1.4. | ||||
| CVE-2026-32546 | 2 Stellarwp, Wordpress | 2 Restrict Content, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restrict Content: from n/a through <= 3.2.22. | ||||
| CVE-2026-4862 | 1 Utt | 1 Hiper 1250gw | 2026-03-30 | 8.8 High |
| A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-32567 | 2 Icopydoc, Wordpress | 2 Yml For Yandex Market, Wordpress | 2026-03-30 | 6.8 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal. This issue affects YML for Yandex Market: from n/a through < 5.3.0. | ||||
| CVE-2026-4825 | 1 Sourcecodester | 1 Sales And Inventory System | 2026-03-30 | 6.3 Medium |
| A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-4075 | 2 Wordpress, Xenioushk | 2 Wordpress, Bwl Advanced Faq Manager Lite | 2026-03-30 | 6.4 Medium |
| The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sbox_id', 'sbox_class', 'placeholder', 'highlight_color', 'highlight_bg', and 'cont_ext_class'. These attributes are directly interpolated into HTML element attributes without any esc_attr() escaping in the baf_sbox() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||