Export limit exceeded: 12196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4065 | 2 Nextendweb, Wordpress | 2 Smart Slider 3, Wordpress | 2026-04-08 | 5.4 Medium |
| The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display_admin_ajax() method does not call checkForCap() (which requires unfiltered_html capability), and several controller actions only validate the nonce (validateToken()) without calling validatePermission(). This makes it possible for authenticated attackers, with Contributor-level access and above, to enumerate slider metadata and create, modify, and delete image storage records by obtaining the nextend_nonce exposed on post editor pages. | ||||
| CVE-2026-3480 | 2 Burlingtonbytes, Wordpress | 2 Wp Blockade – Visual Page Builder, Wordpress | 2026-04-08 | 6.5 Medium |
| The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the render_shortcode_preview() function. This function lacks any capability check (current_user_can()) and nonce verification, allowing any authenticated user to execute arbitrary WordPress shortcodes. The function takes a user-supplied 'shortcode' parameter from $_GET, passes it through stripslashes(), and directly executes it via do_shortcode(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes, which could lead to information disclosure, privilege escalation, or other impacts depending on what shortcodes are registered on the site (e.g., shortcodes from other plugins that display sensitive data, perform actions, or include files). | ||||
| CVE-2026-4406 | 2 Gravityforms, Wordpress | 2 Gravity Forms, Wordpress | 2026-04-08 | 4.7 Medium |
| The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in the `gform_get_config` AJAX action in all versions up to, and including, 2.9.30. This is due to the `GFCommon::send_json()` method outputting JSON-encoded data wrapped in HTML comment delimiters using `echo` and `wp_die()`, which serves the response with a `Content-Type: text/html` header instead of `application/json`. The `wp_json_encode()` function does not HTML-encode angle brackets within JSON string values, allowing injected HTML/script tags in `form_ids` array values to be parsed and executed by the browser. The required `config_nonce` is generated with `wp_create_nonce('gform_config_ajax')` and is publicly embedded on every page that renders a Gravity Forms form, making it identical for all unauthenticated visitors within the same 12-hour nonce tick. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This vulnerability cannot be exploited against users who are authenticated on the target system, but could be used to alter the target page. | ||||
| CVE-2026-2263 | 2 Wordpress, Wpmudev | 2 Wordpress, Hustle – Email Marketing, Lead Generation, Optins, Popups | 2026-04-08 | 5.3 Medium |
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustle_module_converted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for unauthenticated attackers to forge conversion tracking events for any Hustle module, including draft modules that are never displayed to users, thereby manipulating marketing analytics and conversion statistics. | ||||
| CVE-2026-3499 | 2 Jkohlbach, Wordpress | 2 Product Feed Pro For Woocommerce By Adtribes – Product Feeds For Woocommerce, Wordpress | 2026-04-08 | 8.8 High |
| The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajax_migrate_to_custom_post_type, ajax_adt_clear_custom_attributes_product_meta_keys, ajax_update_file_url_to_lower_case, ajax_use_legacy_filters_and_rules, and ajax_fix_duplicate_feed functions. This makes it possible for unauthenticated attackers to trigger feed migration, clear custom-attribute transient caches, rewrite feed file URLs to lowercase, toggle legacy filter and rule settings, and delete duplicated feed posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-3535 | 2 Mlfactory, Wordpress | 2 Dsgvo Google Web Fonts Gdpr, Wordpress | 2026-04-08 | 9.8 Critical |
| The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook, requiring no authentication. It fetches a user-supplied URL as a CSS file, extracts URLs from its content, and downloads those files to a publicly accessible directory without validating the file type. This makes it possible for unauthenticated attackers to upload arbitrary files including PHP webshells, leading to remote code execution. The exploit requires the site to use one of a handful of specific themes (twentyfifteen, twentyseventeen, twentysixteen, storefront, salient, or shapely). | ||||
| CVE-2026-4808 | 2 Tidevapps, Wordpress | 2 Gerador De Certificados – Devapps, Wordpress | 2026-04-08 | 7.2 High |
| The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile() function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2026-4333 | 2 Thimpress, Wordpress | 2 Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses, Wordpress | 2026-04-08 | 6.4 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learn_press_courses shortcode in all versions up to and including 4.3.3. This is due to insufficient input sanitization and output escaping on the 'skin' shortcode attribute. The attribute value is used directly in an sprintf() call that generates HTML (class attribute and data-layout attribute) without any esc_attr() escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-4394 | 2 Gravityforms, Wordpress | 2 Gravity Forms, Wordpress | 2026-04-08 | 6.1 Medium |
| The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (`input_<id>.4`) in all versions up to, and including, 2.9.30. This is due to the `get_value_entry_detail()` method in the `GF_Field_CreditCard` class outputting the card type value without escaping, combined with `get_value_save_entry()` accepting and storing unsanitized user input for the `input_<id>.4` parameter. The Card Type field is not rendered on the frontend form (it is normally derived from the card number), but the backend submission parser blindly accepts it if included in the POST request. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form entry in the WordPress dashboard. | ||||
| CVE-2026-5032 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-04-08 | 7.5 High |
| The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw mfunc/mclude dynamic fragment HTML comments — including the W3TC_DYNAMIC_SECURITY security token — to be rendered in the page source. This makes it possible for unauthenticated attackers to discover the value of the W3TC_DYNAMIC_SECURITY constant by sending a crafted User-Agent header to any page that contains developer-placed dynamic fragment tags, granted the site has the fragment caching feature enabled. With the leaked W3TC_DYNAMIC_SECURITY token, an attacker can craft valid mfunc tags to execute arbitrary PHP code on the server, achieving remote code execution. | ||||
| CVE-2026-0740 | 2 Saturdaydrive, Wordpress | 2 Ninja Forms - File Uploads, Wordpress | 2026-04-08 | 9.8 Critical |
| The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27. | ||||
| CVE-2026-3177 | 2 Smub, Wordpress | 2 Charitable – Donation Plugin For Wordpress – Fundraising With Recurring Donations & More, Wordpress | 2026-04-08 | 5.3 Medium |
| The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook events. This makes it possible for unauthenticated attackers to forge payment_intent.succeeded webhook payloads and mark pending donations as completed without a real payment. | ||||
| CVE-2024-6028 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-04-08 | 9.8 Critical |
| The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-4566 | 2 Hasthemes, Wordpress | 2 Shoplentor, Wordpress | 2026-04-08 | 7.1 High |
| The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This vulnerability can be exploited by attackers with subscriber- or customer-level access and above if (1) the WooCommerce plugin is deactivated or (2) access to the default WordPress admin dashboard is explicitly enabled for authenticated users. | ||||
| CVE-2024-4361 | 2 Siteorigin, Wordpress | 2 Page Builder, Wordpress | 2026-04-08 | 6.4 Medium |
| The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3345 | 2 Hasthemes, Wordpress | 2 Shoplentor, Wordpress | 2026-04-08 | 6.4 Medium |
| The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1206 | 2 Bootstrapped, Wordpress | 2 Wp Recipe Maker, Wordpress | 2026-04-08 | 8.8 High |
| The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-1043 | 2 Ampforwp, Wordpress | 2 Accelerated Mobile Pages, Wordpress | 2026-04-08 | 6.5 Medium |
| The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site. | ||||
| CVE-2024-13736 | 2 Purechat, Wordpress | 2 Pure Chat, Wordpress | 2026-04-08 | 6.1 Medium |
| The Pure Chat – Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-0873 | 2 Kibokolabs, Wordpress | 2 Watu Quiz, Wordpress | 2026-04-08 | 6.4 Medium |
| The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||