Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11479 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22486 2 Hakob, Wordpress 2 Re Gallery Responsive Photo Gallery Plugin, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Hakob Re Gallery regallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through <= 1.18.8.
CVE-2026-22487 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through <= 2.0.2.
CVE-2026-22490 2 Niklaslindemann, Wordpress 2 Bulk Landing Page Creator For Wordpress Lpagery, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9.
CVE-2026-22492 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.
CVE-2026-22517 2 Passionate Brains, Wordpress 2 Ga4wp, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.
CVE-2026-32587 2 Saad Iqbal, Wordpress 2 Wp Easypay, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11.
CVE-2026-32586 2 Pluggabl, Wordpress 2 Booster For Woocommerce, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3.
CVE-2026-32565 2 Webberzone, Wordpress 2 Contextual Related Posts, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2.
CVE-2026-28126 2 Sizam, Wordpress 2 Rh Frontend Publishing Pro, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through < 4.3.4.
CVE-2026-28119 2 Axiomthemes, Wordpress 2 Nirvana, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nir-vana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through <= 2.6.
CVE-2026-27332 2 Skygroup, Wordpress 2 Agrofood, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through < 1.4.0.
CVE-2026-27093 2 Ovatheme, Wordpress 2 Tripgo, Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through < 1.5.6.
CVE-2026-27091 2 Uipress, Wordpress 2 Uipress Lite, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.
CVE-2026-27068 2 Ryan Howard, Wordpress 2 Website Llms.txt, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through <= 8.2.6.
CVE-2026-27067 2 Syarif, Wordpress 2 Mobile App Editor, Wordpress 2026-04-01 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through <= 1.3.1.
CVE-2026-27065 2 Thimpress, Wordpress 2 Builderpress, Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1.
CVE-2026-27052 2 Villatheme, Wordpress 2 Sales Countdown Timer For Woocommerce And Wordpress, Wordpress 2026-04-01 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through < 1.1.9.
CVE-2026-27043 2 Themegoods, Wordpress 2 Photography, Wordpress 2026-04-01 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography allows Path Traversal.This issue affects Photography: from n/a through <= 7.7.5.
CVE-2026-25471 2 Themepaste, Wordpress 2 Admin Safety Guard, Wordpress 2026-04-01 N/A
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.6.
CVE-2026-25449 2 Shinetheme, Wordpress 2 Traveler, Wordpress 2026-04-01 N/A
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1.