Search

Search Results (365210 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57369 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through <= 7.7.4.
CVE-2026-57802 2 Select-themes, Wordpress 2 Struktur, Wordpress 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through <= 2.5.1.
CVE-2026-10085 1 Mattermost 1 Mattermost 2026-07-13 5.4 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688
CVE-2026-10106 1 Mattermost 1 Mattermost 2026-07-13 6.5 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690
CVE-2026-6850 1 Mattermost 1 Mattermost 2026-07-13 6.5 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658
CVE-2026-9597 1 Mattermost 1 Mattermost 2026-07-13 5.4 Medium
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681
CVE-2026-57745 2 Stmcan, Wordpress 2 Rt-theme 18 | Extensions, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
CVE-2026-57738 2 Axiomthemes, Wordpress 2 777, Wordpress 2026-07-13 9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0.
CVE-2026-57385 2 Appsbd, Wordpress 2 Vitepos, Wordpress 2026-07-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through <= 3.4.2.
CVE-2026-57363 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7.
CVE-2026-57727 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-07-13 7.5 High
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13.
CVE-2026-57372 2 Denishua, Wordpress 2 Wpjam Basic, Wordpress 2026-07-13 7.2 High
Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0.
CVE-2026-57709 2 Wordpress, Wpswings 2 Wordpress, Membership For Woocommerce 2026-07-13 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through <= 3.1.0.
CVE-2026-57698 2 Villatheme, Wordpress 2 Abandoned Cart Recovery For Woocommerce, Wordpress 2026-07-13 6.5 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.12.
CVE-2026-57668 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.2.2.
CVE-2026-57419 2 Fahadmahmood8, Wordpress 2 Stock Locations For Woocommerce, Wordpress 2026-07-13 6.5 Medium
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through <= 3.1.8.
CVE-2026-57394 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.14.
CVE-2026-57388 2 Themefic, Wordpress 2 Hydra Booking, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.44.
CVE-2026-57381 2 Propertyhive, Wordpress 2 Propertyhive, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through <= 2.2.3.
CVE-2026-57401 2 Brainstorm Force, Wordpress 2 Suredash, Wordpress 2026-07-13 9.9 Critical
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <= 1.8.0.