Export limit exceeded: 13808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13808 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25372 2 Kodezen, Wordpress 2 Academy Lms, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.
CVE-2026-25374 2 Rarathemes, Wordpress 2 Spa And Salon, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through <= 1.3.2.
CVE-2026-25375 2 Wordpress, Wpchill 2 Wordpress, Image Photo Gallery Final Tiles Grid 2026-04-16 4.3 Medium
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10.
CVE-2026-25384 2 Wordpress, Wplab 2 Wordpress, Wp-lister Lite For Ebay 2026-04-16 5.3 Medium
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.
CVE-2026-25389 2 Metagauss, Wordpress 2 Eventprime, Wordpress 2026-04-16 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.
CVE-2026-25391 2 Wordpress, Wp Grids 2 Wordpress, Wp Wand 2026-04-16 5.4 Medium
Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07.
CVE-2026-25394 2 Sparklewpthemes, Wordpress 2 Fitness Fse, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6.
CVE-2026-25399 2 Cryoutcreations, Wordpress 2 Serious Slider, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.
CVE-2026-25402 2 Echoplugins, Wordpress 2 Knowledge Base For Documentation, Faqs With Ai Assistance, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= 16.011.0.
CVE-2026-25404 2 Automattic, Wordpress 2 Wp Job Manager, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0.
CVE-2026-25409 2 Crgeary, Wordpress 2 Jamstack Deployments, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through <= 1.1.1.
CVE-2026-25410 2 Tstephenson, Wordpress 2 Wp-cors, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.
CVE-2026-25415 2 Iqonicdesign, Wordpress 2 Wpbookit Pro, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18.
CVE-2006-2702 1 Wordpress 1 Wordpress 2026-04-16 N/A
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
CVE-2005-1688 1 Wordpress 1 Wordpress 2026-04-16 5.3 Medium
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVE-2006-2667 1 Wordpress 1 Wordpress 2026-04-16 N/A
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVE-2006-3390 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.
CVE-2005-2612 1 Wordpress 1 Wordpress 2026-04-16 N/A
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2005-2107 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.
CVE-2005-2109 1 Wordpress 1 Wordpress 2026-04-16 N/A
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.