Export limit exceeded: 11921 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11921 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56296 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kitae Park Mang Board WP mangboard allows Reflected XSS.This issue affects Mang Board WP: from n/a through <= 1.8.4. | ||||
| CVE-2024-56294 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-04-23 | 6.4 Medium |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through <= 4.0.7. | ||||
| CVE-2024-56293 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Ahmed Advanced Form Integration advanced-form-integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through <= 1.95.0. | ||||
| CVE-2024-56291 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in plainware PlainInventory z-inventory-manager allows Object Injection.This issue affects PlainInventory: from n/a through <= 3.1.6. | ||||
| CVE-2024-56285 | 2 Wordpress, Wpbits | 2 Wordpress, Wpbits Addons For Elementor Page Builder | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.5.1. | ||||
| CVE-2024-56280 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation.This issue affects WPGuppy: from n/a through <= 1.1.0. | ||||
| CVE-2024-56275 | 2 Envato, Wordpress | 2 Envato Elements, Wordpress | 2026-04-23 | 4.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements envato-elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through <= 2.0.14. | ||||
| CVE-2024-56270 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in SecureSubmit WP SecureSubmit securesubmit allows Retrieve Embedded Sensitive Data.This issue affects WP SecureSubmit: from n/a through <= 1.5.20. | ||||
| CVE-2024-56265 | 3 Wordpress, Wpweb, Wpwebelite | 3 Wordpress, Woocommerce Pdf Vouchers, Woocommerce Pdf Vouchers | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9. | ||||
| CVE-2024-56264 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.6 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0. | ||||
| CVE-2024-56262 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches gs-coach allows Stored XSS.This issue affects GS Coaches: from n/a through <= 1.1.0. | ||||
| CVE-2024-56260 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement shopelement allows Stored XSS.This issue affects ShopElement: from n/a through <= 2.0.0. | ||||
| CVE-2024-56258 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlockArt Magazine Blocks magazine-blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through <= 1.3.20. | ||||
| CVE-2024-56257 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolPlugins Coins MarketCap coins-marketcap allows DOM-Based XSS.This issue affects Coins MarketCap: from n/a through <= 5.5.8. | ||||
| CVE-2024-56256 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer.This issue affects Embed PDF Viewer: from n/a through <= 2.3.1. | ||||
| CVE-2024-56255 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Stiofan AyeCode Connect ayecode-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AyeCode Connect: from n/a through <= 1.3.8. | ||||
| CVE-2024-56249 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through <= 1.13.1. | ||||
| CVE-2024-56248 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Path Traversal.This issue affects WPMasterToolKit: from n/a through <= 1.13.1. | ||||
| CVE-2024-56246 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through <= 4.0.4. | ||||
| CVE-2024-56244 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in WP Royal Ashe Extra ashe-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through <= 1.2.92. | ||||