Export limit exceeded: 13251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13251 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25360 | 2 Rascals, Wordpress | 2 Vex, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9. | ||||
| CVE-2026-25306 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through <= 5.6.4. | ||||
| CVE-2026-25346 | 2 Ays-pro, Wordpress | 2 Faq Builder, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through <= 1.8.2. | ||||
| CVE-2026-22480 | 2 Webtoffee, Wordpress | 2 Product Feed For Woocommerce, Wordpress | 2026-04-24 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3. | ||||
| CVE-2026-22484 | 2 Pebas, Wordpress | 2 Lisfinity Core, Wordpress | 2026-04-24 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through <= 1.5.0. | ||||
| CVE-2026-22491 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.35. | ||||
| CVE-2026-22493 | 2 Elated-themes, Wordpress | 2 Gaspard, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affects Gaspard: from n/a through <= 1.3. | ||||
| CVE-2026-22503 | 2 Themerex, Wordpress | 2 Nelson, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0. | ||||
| CVE-2026-22506 | 2 Elated-themes, Wordpress | 2 Amoli, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Amoli: from n/a through <= 1.0. | ||||
| CVE-2026-22508 | 2 Ancorathemes, Wordpress | 2 Dentalux, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through <= 3.3. | ||||
| CVE-2026-22510 | 2 Ancorathemes, Wordpress | 2 Melody, Wordpress | 2026-04-24 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3. | ||||
| CVE-2026-22511 | 2 Elated-themes, Wordpress | 2 Neobeat, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through <= 1.2. | ||||
| CVE-2026-22512 | 2 Elated-themes, Wordpress | 2 Roisin, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1. | ||||
| CVE-2026-22514 | 2 Ancorathemes, Wordpress | 2 Unica, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1. | ||||
| CVE-2026-22516 | 2 Ancorathemes, Wordpress | 2 Wizor's, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12. | ||||
| CVE-2026-22523 | 2 Themepassion, Wordpress | 2 Ultra Wordpress Admin, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through <= 11.7. | ||||
| CVE-2026-23971 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-24 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8. | ||||
| CVE-2026-23977 | 2 Wordpress, Wpfactory | 2 Wordpress, Helpdesk Support Ticket System For Woocommerce | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2. | ||||
| CVE-2026-24362 | 2 Bdthemes, Wordpress | 2 Ultimate Post Kit, Wordpress | 2026-04-24 | 6.4 Medium |
| Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21. | ||||
| CVE-2026-24363 | 2 Loopus, Wordpress | 2 Wp Cost Estimation & Payment Forms Builder, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0. | ||||