Export limit exceeded: 364189 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364189 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57411 | 2 Aman, Wordpress | 2 Cf7 Views – Complete Entry Management For Contact Form 7, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman CF7 Views – Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views – Complete Entry Management for Contact Form 7: from n/a through <= 3.2.2. | ||||
| CVE-2026-57365 | 2 Hitesh Chandwani, Wordpress | 2 Recaptcha (v2 & V3) For Asgaros Forum, Wordpress | 2026-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 & v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA (v2 & v3) for Asgaros Forum: from n/a through <= 1.1.0. | ||||
| CVE-2026-57364 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Better Payment – Instant Payments, Donations, Fundraising With Subscriptions & More | 2026-07-13 | 6.5 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More: from n/a through <= 2.2.0. | ||||
| CVE-2026-57378 | 2 Phil Kurth, Wordpress | 2 Advanced Forms, Wordpress | 2026-07-13 | 7.5 High |
| Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through <= 1.9.3.7. | ||||
| CVE-2026-57417 | 2 Rextheme, Wordpress | 2 Cart Lift, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through <= 3.1.57. | ||||
| CVE-2026-57423 | 2 Kofimokome, Wordpress | 2 Message Filter For Contact Form 7, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.8. | ||||
| CVE-2026-57406 | 2 Roxnor, Wordpress | 2 Fundengine, Wordpress | 2026-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through <= 1.7.6. | ||||
| CVE-2026-57695 | 2 Dan Rossiter, Wordpress | 2 Document Gallery, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through <= 5.1.0. | ||||
| CVE-2026-57424 | 2 Knitpay, Wordpress | 2 Razorpay Payment Links For Woocommerce, Wordpress | 2026-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through <= 2.1.4. | ||||
| CVE-2026-57707 | 2026-07-13 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through <= 15.9.4. | ||||
| CVE-2026-57739 | 2 Acymailing Newsletter Team, Wordpress | 2 Acymailing Smtp Newsletter, Wordpress | 2026-07-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0. | ||||
| CVE-2026-57733 | 2026-07-13 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through <= 3.9.4. | ||||
| CVE-2026-57741 | 2 Acymailing Newsletter Team, Wordpress | 2 Acymailing Smtp Newsletter, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0. | ||||
| CVE-2026-57768 | 2 Favethemes, Wordpress | 2 Houzez Login Register, Wordpress | 2026-07-13 | 8.2 High |
| Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through <= 3.3.3. | ||||
| CVE-2026-57743 | 2 Stmcan, Wordpress | 2 Rt-theme 18 | Extensions, Wordpress | 2026-07-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. | ||||
| CVE-2026-57771 | 2 Milan Petrovic, Wordpress | 2 Gd Rating System, Wordpress | 2026-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through <= 3.7. | ||||
| CVE-2026-57774 | 2 Vowelweb, Wordpress | 2 Vw Food Corner, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through <= 1.1.0. | ||||
| CVE-2026-57776 | 2 Vowelweb, Wordpress | 2 Vw Wedding, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7. | ||||
| CVE-2026-57772 | 2 Wordpress, Wpinventory | 2 Wordpress, Wp Inventory Manager | 2026-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through <= 2.4.0. | ||||
| CVE-2026-57779 | 2 Themebeez, Wordpress | 2 Fascinate, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5. | ||||