Export limit exceeded: 346814 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346814 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4329 | 2 Specialk, Wordpress | 2 Blackhole For Bad Bots, Wordpress | 2026-04-24 | 7.2 High |
| The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() when capturing bot data (which strips HTML tags but does not escape HTML entities like double quotes), then stores the data via update_option(). When an administrator views the Bad Bots log page, the stored data is output directly into HTML input value attributes (lines 75-83) without esc_attr() and into HTML span content without esc_html(). This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the Blackhole Bad Bots admin page. | ||||
| CVE-2026-32573 | 2 Neliosoftware, Wordpress | 2 Nelio Ab Testing, Wordpress | 2026-04-24 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7. | ||||
| CVE-2026-32542 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through < 3.15.0. | ||||
| CVE-2026-32536 | 2 Halfdata, Wordpress | 2 Stripe Green Downloads, Wordpress | 2026-04-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08. | ||||
| CVE-2026-32534 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-04-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3. | ||||
| CVE-2026-32533 | 2 Latepoint, Wordpress | 2 Latepoint, Wordpress | 2026-04-24 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6. | ||||
| CVE-2026-32531 | 2 Gavias, Wordpress | 2 Kunco, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5. | ||||
| CVE-2026-32530 | 2 Wordpress, Wpfunnels | 2 Wordpress, Creator Lms | 2026-04-24 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18. | ||||
| CVE-2026-32527 | 2 Crmperks, Wordpress | 2 Wp Insightly For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5. | ||||
| CVE-2026-32515 | 2 Kamleshyadav, Wordpress | 2 Miraculous, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1.2. | ||||
| CVE-2026-32514 | 2 Anton Voytenko, Wordpress | 2 Petitioner, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3. | ||||
| CVE-2026-32512 | 2 Edge-themes, Wordpress | 2 Pelicula, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10. | ||||
| CVE-2026-32511 | 2 Mikado-themes, Wordpress | 2 Stål, Wordpress | 2026-04-24 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7. | ||||
| CVE-2026-32509 | 2 Edge-themes, Wordpress | 2 Gracey, Wordpress | 2026-04-24 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4. | ||||
| CVE-2026-32508 | 2 Mikado-themes, Wordpress | 2 Halstein, Wordpress | 2026-04-24 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8. | ||||
| CVE-2026-32507 | 2 Elated-themes, Wordpress | 2 Leroux, Wordpress | 2026-04-24 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4. | ||||
| CVE-2026-32504 | 2 Creativews, Wordpress | 2 Vintwood, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8. | ||||
| CVE-2026-32502 | 2 Select-themes, Wordpress | 2 Borgholm, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6. | ||||
| CVE-2026-32494 | 2 Ays-pro, Wordpress | 2 Image Slider, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | ||||
| CVE-2026-32493 | 2 Eyecix, Wordpress | 2 Jobsearch, Wordpress | 2026-04-24 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 3.2.0. | ||||