Export limit exceeded: 13614 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13614 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57327 | 2 Mainwp, Wordpress | 2 Mainwp, Wordpress | 2026-06-29 | 6.3 Medium |
| Subscriber Broken Access Control in MainWP <= 6.1.1 versions. | ||||
| CVE-2026-57332 | 2 Wordpress, Wpswings | 2 Wordpress, Wallet System For Woocommerce | 2026-06-29 | 7.1 High |
| Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions. | ||||
| CVE-2026-57320 | 2 Realmag777, Wordpress | 2 Bear, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions. | ||||
| CVE-2026-57337 | 2 Pluginops, Wordpress | 2 Landing Page Builder, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions. | ||||
| CVE-2026-57333 | 2 Spencer Haws, Wordpress | 2 Link Whisper Free, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions. | ||||
| CVE-2026-57334 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions. | ||||
| CVE-2026-57336 | 2 Astoundify, Wordpress | 2 Jobify, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions. | ||||
| CVE-2026-57338 | 2 Reputeinfosystems, Wordpress | 2 Arforms, Wordpress | 2026-06-29 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions. | ||||
| CVE-2025-10268 | 2 Printcart, Wordpress | 2 Web To Print Product Designer, Wordpress | 2026-06-29 | 5.3 Medium |
| The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server. | ||||
| CVE-2026-10823 | 2 Wordpress, Ymc Filter | 2 Wordpress, Ymc Filter | 2026-06-29 | 7.5 High |
| The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts. | ||||
| CVE-2026-10835 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2026-06-29 | 7.7 High |
| The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks. | ||||
| CVE-2025-63041 | 2 Codeamp, Wordpress | 2 Forget About Shortcode Buttons, Wordpress | 2026-06-29 | 5.4 Medium |
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | ||||
| CVE-2025-63078 | 2 Jetmonsters, Wordpress | 2 Restaurant Menu By Motopress, Wordpress | 2026-06-29 | 4.3 Medium |
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | ||||
| CVE-2025-63079 | 2 Bdthemes, Wordpress | 2 Live Copy Paste For Elementor, Wordpress | 2026-06-29 | 4.3 Medium |
| Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. | ||||
| CVE-2025-64636 | 2 Rhewlif, Wordpress | 2 Donation Thermometer, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | ||||
| CVE-2025-64637 | 2 Opal Wp, Wordpress | 2 Auros Core, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. | ||||
| CVE-2025-66123 | 2 About Envato, Wordpress | 2 Bookpro, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. | ||||
| CVE-2025-68063 | 2 Stylemixthemes, Wordpress | 2 Splash - Sport Club Wordpress Theme For Basketball, Football, Hockey, Wordpress | 2026-06-29 | 7.5 High |
| Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. | ||||
| CVE-2025-68064 | 2 Everthemess, Wordpress | 2 Goya Core, Wordpress | 2026-06-29 | 7.5 High |
| Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. | ||||
| CVE-2025-68074 | 2 Ghozylab, Wordpress | 2 Image Carousel, Wordpress | 2026-06-29 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | ||||