Export limit exceeded: 12787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39473 | 2 Pär Thernström, Wordpress | 2 Simple History, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0. | ||||
| CVE-2026-39466 | 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform | 2 Wordpress, Broken Link Checker | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7. | ||||
| CVE-2026-39464 | 2 Seedprod, Wordpress | 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress | 2026-04-24 | 5.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8. | ||||
| CVE-2026-39484 | 2 John Darrel, Wordpress | 2 Hide My Wp Ghost, Wordpress | 2026-04-24 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00. | ||||
| CVE-2026-34885 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-04-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34. | ||||
| CVE-2026-39536 | 2 Wordpress, Wpchill | 2 Wordpress, Rsvp And Event Management | 2026-04-24 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16. | ||||
| CVE-2026-39586 | 2 Ateeq Rafeeq, Wordpress | 2 Repairbuddy, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132. | ||||
| CVE-2026-39570 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9. | ||||
| CVE-2026-39538 | 2 Mikado-themes, Wordpress | 2 Mikado Core, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6. | ||||
| CVE-2026-39569 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9. | ||||
| CVE-2026-39544 | 2 Themestek, Wordpress | 2 Labtechco, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3. | ||||
| CVE-2026-39603 | 2 Themegoods, Wordpress | 2 Grand Photography, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through <= 5.7.8. | ||||
| CVE-2026-39541 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38. | ||||
| CVE-2026-39542 | 2 Doofinder, Wordpress | 2 Doofinder For Woocommerce, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13. | ||||
| CVE-2026-39528 | 2 Wordpress, Wpdelicious | 2 Wordpress, Wp Delicious | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.5. | ||||
| CVE-2026-39588 | 2 Nmerii, Wordpress | 2 Nm Gift Registry And Wishlist Lite, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13. | ||||
| CVE-2026-39543 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4. | ||||
| CVE-2026-39562 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10. | ||||
| CVE-2026-39575 | 2 Ronald Huereca, Wordpress | 2 Custom Query Blocks, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0. | ||||
| CVE-2026-39564 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2. | ||||