Export limit exceeded: 346600 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346600 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39631 | 2 Ronik@unlimitedwp, Wordpress | 2 Wpschoolpress, Wordpress | 2026-04-24 | 4.9 Medium |
| Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35. | ||||
| CVE-2026-39644 | 2 Roxnor, Wordpress | 2 Wp Ultimate Review, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8. | ||||
| CVE-2026-39651 | 2 Totalsuite, Wordpress | 2 Total Poll Lite, Wordpress | 2026-04-24 | 6.3 Medium |
| Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through <= 4.12.0. | ||||
| CVE-2026-39653 | 2 Imdpen, Wordpress | 2 Video Conferencing With Zoom, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6. | ||||
| CVE-2026-39640 | 2 Mndpsingh287, Wordpress | 2 Theme Editor, Wordpress | 2026-04-24 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2. | ||||
| CVE-2026-39636 | 2 Livemesh, Wordpress | 2 Livemesh Addons For Elementor, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0. | ||||
| CVE-2026-39629 | 2 Kutethemes, Wordpress | 2 Uminex, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | ||||
| CVE-2026-39630 | 2 Getty Images, Wordpress | 2 Getty Images, Wordpress | 2026-04-24 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0. | ||||
| CVE-2026-39654 | 2 Ashish Ajani, Wordpress | 2 Wp Simple Html Sitemap, Wordpress | 2026-04-24 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.8. | ||||
| CVE-2026-39645 | 2 Global Payments, Wordpress | 2 Globalpayments Woocommerce, Wordpress | 2026-04-24 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through <= 1.18.0. | ||||
| CVE-2026-39649 | 2 Themebeez, Wordpress | 2 Royale News, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4. | ||||
| CVE-2026-39634 | 2 Themegoods, Wordpress | 2 Grand Portfolio, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3. | ||||
| CVE-2026-23349 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits from ffbit | ||||
| CVE-2026-39664 | 2 Leadrebel, Wordpress | 2 Leadrebel, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2. | ||||
| CVE-2026-39670 | 2 Brecht, Wordpress | 2 Visual Link Preview, Wordpress | 2026-04-24 | 6 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0. | ||||
| CVE-2026-39660 | 2 Automattic, Wordpress | 2 Wp Job Manager, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.1. | ||||
| CVE-2026-39658 | 2 Coding Panda, Wordpress | 2 Panda Pods Repeater Field, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12. | ||||
| CVE-2026-39656 | 2 Razorpay, Wordpress | 2 Razorpay For Woocommerce, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through <= 4.8.2. | ||||
| CVE-2026-39669 | 2 Nitropack, Wordpress | 2 Nitropack, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3. | ||||
| CVE-2026-39671 | 2 Dotstore, Wordpress | 2 Extra Fees Plugin For Woocommerce, Wordpress | 2026-04-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3. | ||||