Export limit exceeded: 13704 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13704 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42743 | 2 Themegrill, Wordpress | 2 Masteriyo, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions. | ||||
| CVE-2026-45437 | 2 Brthumar1959, Wordpress | 2 Product Filter Widget For Elementor, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. | ||||
| CVE-2026-45441 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. | ||||
| CVE-2026-48878 | 2 Bootstrapped, Wordpress | 2 Visual Link Preview, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. | ||||
| CVE-2026-49043 | 2 Wordpress, Wpengine | 2 Wordpress, Wp Migrate | 2026-06-26 | 4.7 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions. | ||||
| CVE-2026-49078 | 2 Wordpress, Wptravelengine | 2 Wordpress, Wp Travel Engine | 2026-06-26 | 7.5 High |
| Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. | ||||
| CVE-2026-49104 | 2 Crm Perks, Wordpress | 2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. | ||||
| CVE-2026-49109 | 2 Crmperks, Wordpress | 2 Integration For Salesforce And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | ||||
| CVE-2026-49766 | 2 Wordpress, Wpusermanager | 2 Wordpress, Wp User Manager | 2026-06-26 | 9.9 Critical |
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||||
| CVE-2026-49770 | 2 Wordpress, Wptravelengine | 2 Wordpress, Wp Travel Engine | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | ||||
| CVE-2026-49775 | 2 Welcart, Wordpress | 2 Welcart E-commerce, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | ||||
| CVE-2026-49776 | 2 John-dagelmore, Wordpress | 2 Gptranslate – Multilingual Ai Translation For Wordpress: Automatically Translate Websites, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | ||||
| CVE-2026-52703 | 2 Ninjateam, Wordpress | 2 Fastdup, Wordpress | 2026-06-26 | 9.6 Critical |
| Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | ||||
| CVE-2026-52714 | 2 Squirrly, Wordpress | 2 Seo Plugin By Squirrly Seo, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | ||||
| CVE-2026-49772 | 2 Stellarwp, Wordpress | 2 The Events Calendar, Wordpress | 2026-06-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | ||||
| CVE-2026-12256 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-06-26 | 8.8 High |
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. | ||||
| CVE-2026-39433 | 2 Mojoomla, Wordpress | 2 Wpams Plugin, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions. | ||||
| CVE-2026-39539 | 2 Edge-themes, Wordpress | 2 Alloggio Hotel Booking, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. | ||||
| CVE-2026-49073 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-06-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3. | ||||
| CVE-2026-39598 | 2 Kodezen, Wordpress | 2 Academy Lms, Wordpress | 2026-06-26 | 8 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2. | ||||