Export limit exceeded: 347481 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347481 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39610 | 2 Pankaj Kumar, Wordpress | 2 Wpxmas-snow, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1. | ||||
| CVE-2026-39611 | 2 Kutethemes, Wordpress | 2 Kuteshop, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through <= 4.2.9. | ||||
| CVE-2026-39615 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53. | ||||
| CVE-2026-39617 | 2 Priyanshumittal, Wordpress | 2 Bluestreet, Wordpress | 2026-04-24 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3. | ||||
| CVE-2026-39649 | 2 Themebeez, Wordpress | 2 Royale News, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4. | ||||
| CVE-2026-39647 | 2 Sonaar, Wordpress | 2 Mp3 Audio Player For Music, Radio & Podcast, Wordpress | 2026-04-24 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11. | ||||
| CVE-2026-39646 | 2 Bozdoz, Wordpress | 2 Leaflet Map, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4. | ||||
| CVE-2026-39645 | 2 Global Payments, Wordpress | 2 Globalpayments Woocommerce, Wordpress | 2026-04-24 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.18.0. | ||||
| CVE-2026-39638 | 2 Themeum, Wordpress | 2 Qubely, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14. | ||||
| CVE-2026-39634 | 2 Themegoods, Wordpress | 2 Grand Portfolio, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3. | ||||
| CVE-2026-39630 | 2 Getty Images, Wordpress | 2 Getty Images, Wordpress | 2026-04-24 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0. | ||||
| CVE-2026-39632 | 2 Themegoods, Wordpress | 2 Grand Blog, Wordpress | 2026-04-24 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1. | ||||
| CVE-2026-39637 | 2 Spabrice, Wordpress | 2 Mogi, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through <= 1.2.3. | ||||
| CVE-2026-39643 | 2 Payment Plugins, Wordpress | 2 Payment Plugins For Paypal Woocommerce, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13. | ||||
| CVE-2026-39640 | 2 Mndpsingh287, Wordpress | 2 Theme Editor, Wordpress | 2026-04-24 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2. | ||||
| CVE-2026-39636 | 2 Livemesh, Wordpress | 2 Livemesh Addons For Elementor, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0. | ||||
| CVE-2026-39629 | 2 Kutethemes, Wordpress | 2 Uminex, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | ||||
| CVE-2026-23349 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits from ffbit | ||||
| CVE-2026-39681 | 2 Apustheme, Wordpress | 2 Homeo, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through <= 1.2.59. | ||||
| CVE-2026-39674 | 2 Manoj Kumar, Wordpress | 2 Mk Google Directions, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through <= 3.1.1. | ||||