Export limit exceeded: 342290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60080 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0. | ||||
| CVE-2026-5130 | 2 Jhimross, Wordpress | 2 Debugger & Troubleshooter, Wordpress | 2026-04-01 | 8.8 High |
| The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wp_debug_troubleshoot_simulate_user cookie value directly as a user ID without any cryptographic validation or authorization checks. The cookie value was used to override the determine_current_user filter, which allowed unauthenticated attackers to impersonate any user by simply setting the cookie to their target user ID. This made it possible for unauthenticated attackers to gain administrator-level access and perform any privileged actions including creating new administrator accounts, modifying site content, installing plugins, or taking complete control of the WordPress site. The vulnerability was fixed in version 1.4.0 by implementing a cryptographic token-based validation system where only administrators can initiate user simulation, and the cookie contains a random 64-character token that must be validated against database-stored mappings rather than accepting arbitrary user IDs. | ||||
| CVE-2026-32355 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1. | ||||
| CVE-2026-28138 | 2 Stylemixthemes, Wordpress | 2 Ulisting, Wordpress | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0. | ||||
| CVE-2026-28105 | 2 Themerex, Wordpress | 2 Good Energy, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7. | ||||
| CVE-2026-28074 | 2 Themerex, Wordpress | 2 Pizza House, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through <= 1.4.0. | ||||
| CVE-2026-27439 | 2 Themerex, Wordpress | 2 Dentario, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5. | ||||
| CVE-2026-27438 | 2 Themerex, Wordpress | 2 Kingler, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7. | ||||
| CVE-2026-27437 | 2 Themerex, Wordpress | 2 Tennis Club, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3. | ||||
| CVE-2026-27417 | 2 Seventhqueen, Wordpress | 2 Sweet Date, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1. | ||||
| CVE-2026-27379 | 2 Nextscripts, Wordpress | 2 Nextscripts, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7. | ||||
| CVE-2026-27369 | 2 Boldthemes, Wordpress | 2 Celeste, Wordpress | 2026-04-01 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6. | ||||
| CVE-2026-27338 | 2 Aivahthemes, Wordpress | 2 Car Zone, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through <= 3.7. | ||||
| CVE-2026-27098 | 2 Axiomthemes, Wordpress | 2 Au Pair Agency - Babysitting & Nanny Theme, Wordpress | 2026-04-01 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through <= 1.2.2. | ||||
| CVE-2026-25316 | 2 Brainstormforce, Wordpress | 2 Cartflows, Wordpress | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19. | ||||
| CVE-2026-24954 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.0.8. | ||||
| CVE-2026-24385 | 2 Gerritvanaaken, Wordpress | 2 Podlove Web Player, Wordpress | 2026-04-01 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1. | ||||
| CVE-2026-23798 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10. | ||||
| CVE-2026-23549 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1. | ||||
| CVE-2026-23544 | 2 Codetipi, Wordpress | 2 Valenti, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5. | ||||