Search
Search Results (361680 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57662 | 2 Wasiliy Strecker, Wordpress | 2 Contest Gallery, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | ||||
| CVE-2026-30041 | 1 Faststone | 1 Image Viewer | 2026-06-26 | 7.5 High |
| An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file. | ||||
| CVE-2026-54826 | 2 Psm Plugins, Wordpress | 2 Supportcandy, Wordpress | 2026-06-26 | 7.6 High |
| Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions. | ||||
| CVE-2026-54831 | 2 Paolo, Wordpress | 2 Geodirectory, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | ||||
| CVE-2026-56041 | 2 Dfactory, Wordpress | 2 Responsive Lightbox, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions. | ||||
| CVE-2026-56058 | 2 Themecatcher, Wordpress | 2 Quform, Wordpress | 2026-06-26 | 9.9 Critical |
| Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions. | ||||
| CVE-2026-56066 | 2 Shortpixel, Wordpress | 2 Shortpixel Adaptive Images, Wordpress | 2026-06-26 | 5.8 Medium |
| Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions. | ||||
| CVE-2026-57620 | 2026-06-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8. | ||||
| CVE-2025-66123 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. | ||||
| CVE-2026-24547 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions. | ||||
| CVE-2026-54827 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. | ||||
| CVE-2026-54837 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions. | ||||
| CVE-2026-56010 | 2 Tychesoftwares, Wordpress | 2 Abandoned Cart Pro For Woocommerce, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. | ||||
| CVE-2026-56029 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions. | ||||
| CVE-2026-56035 | 2026-06-26 | 8.6 High | ||
| Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions. | ||||
| CVE-2026-56043 | 2 Cusrev, Wordpress | 2 Customer Reviews For Woocommerce, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions. | ||||
| CVE-2026-56055 | 2 Inspirythemes, Wordpress | 2 Realhomes, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions. | ||||
| CVE-2026-56062 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. | ||||
| CVE-2026-56069 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions. | ||||
| CVE-2026-57315 | 2026-06-26 | 8.5 High | ||
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions. | ||||