Search Results (12590 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24527 | 2 Patterns In The Cloud, Wordpress | 2 Autoship Cloud For Woocommerce Subscription Products, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0. | ||||
| CVE-2026-39436 | 2 Bgermann, Wordpress | 2 Cformsii, Wordpress | 2026-05-26 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3. | ||||
| CVE-2026-45209 | 2 Edward Plainview, Wordpress | 2 Mycryptocheckout, Wordpress | 2026-05-26 | 7.5 High |
| Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161. | ||||
| CVE-2026-42763 | 2 Sepay Team, Wordpress | 2 Sepay Gateway, Wordpress | 2026-05-26 | 6.5 Medium |
| Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20. | ||||
| CVE-2026-32389 | 2 Linethemes, Wordpress | 2 Nanocare, Wordpress | 2026-05-26 | 5.4 Medium |
| Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2. | ||||
| CVE-2026-39661 | 2 Magentech, Wordpress | 2 Sw Core, Wordpress | 2026-05-26 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18. | ||||
| CVE-2026-39642 | 2 Spabrice, Wordpress | 2 Nyla, Wordpress | 2026-05-26 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7. | ||||
| CVE-2026-27427 | 2 Dylan Kuhn, Wordpress | 2 Geo Mashup, Wordpress | 2026-05-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18. | ||||
| CVE-2026-24638 | 2 Webful Creations, Wordpress | 2 Repairbuddy, Wordpress | 2026-05-26 | 4.3 Medium |
| Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121. | ||||
| CVE-2026-24590 | 2 Videowhisper.com, Wordpress | 2 Paid Videochat Turnkey Site, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23. | ||||
| CVE-2026-41471 | 2 Scott Paterson, Wordpress | 2 Easy-paypal-events-tickets, Wordpress | 2026-05-26 | 7.5 High |
| The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress post IDs through the scan_qr.php endpoint to harvest the complete set of orders stored in the database without requiring authentication or prior knowledge of specific order identifiers. | ||||
| CVE-2022-50960 | 2 Varun Sridharan, Wordpress | 2 International Sms For Contact Form, Wordpress | 2026-05-26 | 6.1 Medium |
| WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary JavaScript in administrator browsers. | ||||
| CVE-2022-50945 | 2 3dady, Wordpress | 2 Real-time Web Stats, Wordpress | 2026-05-26 | 6.4 Medium |
| WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dady_input_text or dady2_input_text fields via the plugin options panel to execute arbitrary code when the page is viewed. | ||||
| CVE-2021-47975 | 2 Wordpress, Wplearnmanager | 2 Wordpress, Wp Learn Manager | 2026-05-26 | 7.2 High |
| WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface. | ||||
| CVE-2012-10027 | 3 Wordpress, Wp-property, Wp-property-hive | 3 Wordpress, Wp-property Wordpress Plugin, Wordpress Plugin | 2026-05-26 | N/A |
| WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution. | ||||
| CVE-2026-24597 | 2 Wordpress, Wpdevart | 2 Wordpress, Organization Chart | 2026-05-26 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5. | ||||
| CVE-2026-24574 | 2 Myrecorp, Wordpress | 2 Export Wp Page To Static Html/css, Wordpress | 2026-05-26 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0. | ||||
| CVE-2025-62745 | 2 Pickplugins, Wordpress | 2 Team Showcase, Wordpress | 2026-05-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28. | ||||
| CVE-2026-24554 | 2 Convers Lab, Wordpress | 2 Wpsubscription, Wordpress | 2026-05-26 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1. | ||||
| CVE-2026-27357 | 2 Cornelraiu, Wordpress | 2 Wp Search Analytics, Wordpress | 2026-05-26 | 5.3 Medium |
| Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0. | ||||