Export limit exceeded: 350384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350384 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24553 | 2 Dotstore, Wordpress | 2 Fraud Prevention For Woocommerce, Wordpress | 2026-04-16 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.2. | ||||
| CVE-2026-24557 | 2 Wen Solutions, Wordpress | 2 Contact Form 7 Getresponse Extension, Wordpress | 2026-04-16 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8. | ||||
| CVE-2026-24585 | 3 Hyyan Abo Fakher, Woocommerce, Wordpress | 3 Hyyan Woocommerce Polylang Integration, Woocommerce, Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0. | ||||
| CVE-2026-24599 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-04-16 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | ||||
| CVE-2026-24609 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1. | ||||
| CVE-2026-24614 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.10. | ||||
| CVE-2026-35615 | 2 Mervinpraison, Praison | 2 Praisonai, Praisonai | 2026-04-16 | 7.5 High |
| PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collapsed, the check always passes. This makes the check completely useless and allows trivial path traversal to any file on the system. This vulnerability is fixed in 1.5.113. | ||||
| CVE-2026-24616 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.5. | ||||
| CVE-2026-24632 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through <= 1.0.0. | ||||
| CVE-2026-24634 | 2 Rustaurius, Wordpress | 2 Ultimate Reviews, Wordpress | 2026-04-16 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16. | ||||
| CVE-2026-24938 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through <= 4.2.1. | ||||
| CVE-2026-24940 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through <= 1.3.3. | ||||
| CVE-2026-24942 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through <= 5.1.1. | ||||
| CVE-2026-24951 | 2 Saadiqbal, Wordpress | 2 Mycred, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3. | ||||
| CVE-2026-24952 | 2 Craig Hewitt, Wordpress | 2 Seriously Simple Podcasting, Wordpress | 2026-04-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1. | ||||
| CVE-2026-24958 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2026-04-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2. | ||||
| CVE-2026-24961 | 2 Themegoods, Wordpress | 2 Grand Blog, Wordpress | 2026-04-16 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5. | ||||
| CVE-2026-24965 | 3 Contest-gallery, Contest Gallery, Wordpress | 3 Contest Gallery, Contest Gallery, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contest Gallery: from n/a through <= 28.1.1. | ||||
| CVE-2026-24967 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38. | ||||
| CVE-2026-24982 | 2 Brainstormforce, Wordpress | 2 Spectra, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.17. | ||||