Search

Expected end of text, found '/' (at char 34), (line:1, col:35)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347172 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-39509 2 Wordpress, Wpwax 2 Wordpress, Directorist 2026-04-24 5.3 Medium
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
CVE-2026-39526 2 Wordpress, Wpstream 2 Wordpress, Wpstream 2026-04-24 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.
CVE-2026-34887 2 Extendthemes, Wordpress 2 Kubio Ai Page Builder, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0.
CVE-2026-34889 2 Brainstormforce, Wordpress 2 Ultimate Addons For Wpbakery Page Builder, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4.
CVE-2026-34896 2 Analytify, Wordpress 2 Under Construction, Coming Soon & Maintenance Mode, Wordpress 2026-04-24 7.5 High
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1.
CVE-2026-39473 2 Pär Thernström, Wordpress 2 Simple History, Wordpress 2026-04-24 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0.
CVE-2026-39476 2 Syed Balkhi, Wordpress 2 User Feedback, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.
CVE-2026-39483 2 Hidekazu Ishikawa, Wordpress 2 Vk All In One Expansion Unit, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3.
CVE-2026-39485 2 Embedplus, Wordpress 2 Youtube Embed Plus, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through <= 14.2.4.
CVE-2026-39500 2 Themesflat, Wordpress 2 Themesflat Addons For Elementor, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.3.2.
CVE-2026-39501 2 Realmag777, Wordpress 2 Fox, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <= 1.4.5.
CVE-2026-39516 2 Posimyth, Wordpress 2 Nexter Blocks, Wordpress 2026-04-24 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
CVE-2026-39464 2 Seedprod, Wordpress 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress 2026-04-24 5.5 Medium
Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-39570 2 Aa Web Servant, Wordpress 2 12 Step Meeting List, Wordpress 2026-04-24 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.
CVE-2026-39569 2 Aa Web Servant, Wordpress 2 12 Step Meeting List, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.
CVE-2026-39536 2 Wordpress, Wpchill 2 Wordpress, Rsvp And Event Management 2026-04-24 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
CVE-2026-39528 2 Wordpress, Wpdelicious 2 Wordpress, Wp Delicious 2026-04-24 5.3 Medium
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.5.
CVE-2026-39541 2 Themefic, Wordpress 2 Hydra Booking, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38.
CVE-2026-39588 2 Nmerii, Wordpress 2 Nm Gift Registry And Wishlist Lite, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.
CVE-2026-39544 2 Themestek, Wordpress 2 Labtechco, Wordpress 2026-04-24 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3.