Export limit exceeded: 11684 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11684 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24972 | 2 Elated-themes, Wordpress | 2 Elated Listing, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through <= 1.4. | ||||
| CVE-2026-24971 | 2 Elated-themes, Wordpress | 2 Search And Go Theme, Wordpress | 2026-03-30 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8. | ||||
| CVE-2026-24970 | 2 Designingmedia, Wordpress | 2 Energox, Wordpress | 2026-03-30 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.2. | ||||
| CVE-2026-24969 | 2 Designingmedia, Wordpress | 2 Instant Va, Wordpress | 2026-03-30 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a through <= 1.0.1. | ||||
| CVE-2026-24968 | 2 Wordpress, Xagio | 2 Wordpress, Xagio Seo | 2026-03-30 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30. | ||||
| CVE-2026-24983 | 2 Upsolution, Wordpress | 2 Upsolution Core, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution UpSolution Core us-core allows Reflected XSS.This issue affects UpSolution Core: from n/a through <= 8.41. | ||||
| CVE-2026-24987 | 2 Activity-log.com, Wordpress | 2 Wp System Log, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7. | ||||
| CVE-2026-24964 | 2 Wasiliy Strecker / Contestgallery Developer, Wordpress | 2 Contest Gallery, Wordpress | 2026-03-30 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.1.2.1. | ||||
| CVE-2026-24989 | 2 Fantasticplugins, Wordpress | 2 Sumo Affiliates Pro, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection.This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0. | ||||
| CVE-2026-24993 | 2 Wordpress, Wpfactory | 2 Wordpress, Advanced Woocommerce Product Sales Reporting | 2026-03-30 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3. | ||||
| CVE-2026-25001 | 2 Saad Iqbal, Wordpress | 2 Post Snippets, Wordpress | 2026-03-30 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through <= 4.0.12. | ||||
| CVE-2026-25002 | 2 Thimpress, Wordpress | 2 Learnpress – Sepay Payment, Wordpress | 2026-03-30 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0. | ||||
| CVE-2026-25007 | 2 Elementinvader, Wordpress | 2 Elementinvader Addons For Elementor, Wordpress | 2026-03-30 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.2. | ||||
| CVE-2026-25009 | 2 Rarathemes, Wordpress | 2 Education Zone, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8. | ||||
| CVE-2026-25013 | 2 Whmcsdes, Wordpress | 2 Phox Hosting, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through <= 2.0.8. | ||||
| CVE-2026-25017 | 2 Stmcan, Wordpress | 2 Naturalife Extensions, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through <= 2.1. | ||||
| CVE-2026-25018 | 2 Stmcan, Wordpress | 2 Naturalife Extensions, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1. | ||||
| CVE-2026-25025 | 2 E4jvikwp, Wordpress | 2 Vikrestaurants, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Reflected XSS.This issue affects VikRestaurants: from n/a through <= 1.5.2. | ||||
| CVE-2026-25026 | 2 Radiustheme, Wordpress | 2 Team, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11. | ||||
| CVE-2026-25029 | 2 Park Of Ideas, Wordpress | 2 Kidz, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection.This issue affects KIDZ: from n/a through <= 5.24. | ||||