Search

Expected end of text, found '\' (at char 28), (line:1, col:29)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (359632 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-23979 2 Softwebmedia, Wordpress 2 Gyan Elements, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through <= 2.2.1.
CVE-2026-4314 2 Wordpress, Wpextended 2 Wordpress, Ultimate Wordpress Toolkit 2026-04-24 8.8 High
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequest()` method in the Menu Editor module using an insecure `strpos()` check against `$_SERVER['REQUEST_URI']` to determine if a request targets the dashboard or profile page. The `grantVirtualCaps()` method, which is hooked into the `user_has_cap` filter, grants elevated capabilities including `manage_options` when this check returns true. This makes it possible for authenticated attackers, with Subscriber-level access and above, to gain administrative capabilities by appending a crafted query parameter to any admin URL, allowing them to update arbitrary WordPress options and ultimately create new Administrator accounts.
CVE-2025-10736 2 Reviewx, Wordpress 2 Reviewx – Multi-criteria Reviews For Woocommerce With Google Reviews & Schema, Wordpress 2026-04-24 6.5 Medium
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints, extract and modify information related to users and plugin's configuration
CVE-2026-24362 2 Bdthemes, Wordpress 2 Ultimate Post Kit, Wordpress 2026-04-24 6.4 Medium
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.
CVE-2026-24363 2 Loopus, Wordpress 2 Wp Cost Estimation & Payment Forms Builder, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0.
CVE-2026-24364 2 Wedevs, Wordpress 2 Wp User Frontend, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.
CVE-2026-24370 2 Theme-one, Wordpress 2 The Grid, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2026-24382 2 Wordpress, Wp-royal-themes 2 Wordpress, News Magazine X 2026-04-24 7.5 High
Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a through <= 1.2.50.
CVE-2026-24391 2 Thememakers, Wordpress 2 Car Dealer, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a through <= 1.6.7.
CVE-2026-24968 2 Wordpress, Xagio 2 Wordpress, Xagio Seo 2026-04-24 9.8 Critical
Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30.
CVE-2026-24969 2 Designingmedia, Wordpress 2 Instant Va, Wordpress 2026-04-24 7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a through <= 1.0.1.
CVE-2026-24971 2 Elated-themes, Wordpress 2 Search And Go Theme, Wordpress 2026-04-24 9.8 Critical
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.
CVE-2026-24973 2 Nootheme, Wordpress 2 Citilights, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through <= 3.7.1.
CVE-2026-24974 2 Nootheme, Wordpress 2 Citilights, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.
CVE-2026-24976 2 Nootheme, Wordpress 2 Organici Library, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
CVE-2026-24980 2 Nootheme, Wordpress 2 Visionary Core, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24983 2 Upsolution, Wordpress 2 Upsolution Core, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution UpSolution Core us-core allows Reflected XSS.This issue affects UpSolution Core: from n/a through <= 8.41.
CVE-2026-24993 2 Wordpress, Wpfactory 2 Wordpress, Advanced Woocommerce Product Sales Reporting 2026-04-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3.
CVE-2026-25018 2 Stmcan, Wordpress 2 Naturalife Extensions, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1.
CVE-2026-25026 2 Radiustheme, Wordpress 2 Team, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11.