Search Results (13895 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57661 2 Nexcess, Wordpress 2 Wpcomplete, Wordpress 2026-06-26 5.4 Medium
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
CVE-2026-8380 2 Frontend File Manager Plugin, Wordpress 2 Frontend File Manager Plugin, Wordpress 2026-06-26 6.5 Medium
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugin WordPress plugin through 23.6's "Allow guest uploads" setting is enabled by an administrator, the same deletion primitive becomes reachable by unauthenticated users.
CVE-2026-52701 2 Themegrill, Wordpress 2 User Registration, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
CVE-2026-57318 2 Geminilabs, Wordpress 2 Site Reviews, Wordpress 2026-06-26 6.5 Medium
Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
CVE-2026-57322 2 Wedevs, Wordpress 2 Wemail, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
CVE-2026-57636 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
CVE-2026-57650 2 Blockart, Wordpress 2 Magazine Blocks, Wordpress 2026-06-26 6.5 Medium
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
CVE-2026-57658 2 Templatespare, Wordpress 2 Templatespare, Wordpress 2026-06-26 9.1 Critical
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-57662 2 Wasiliy Strecker, Wordpress 2 Contest Gallery, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
CVE-2026-54831 2 Paolo, Wordpress 2 Geodirectory, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
CVE-2026-56058 2 Themecatcher, Wordpress 2 Quform, Wordpress 2026-06-26 9.9 Critical
Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.
CVE-2026-56066 2 Shortpixel, Wordpress 2 Shortpixel Adaptive Images, Wordpress 2026-06-26 5.8 Medium
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.
CVE-2026-56010 2 Tychesoftwares, Wordpress 2 Abandoned Cart Pro For Woocommerce, Wordpress 2026-06-26 8.8 High
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
CVE-2026-56043 2 Cusrev, Wordpress 2 Customer Reviews For Woocommerce, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
CVE-2026-56055 2 Inspirythemes, Wordpress 2 Realhomes, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
CVE-2026-57617 2 Seedprod Llc, Wordpress 2 Seedprod Pro, Wordpress 2026-06-26 6.5 Medium
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
CVE-2026-56070 2 Themehunk, Wordpress 2 Advance Product Search, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
CVE-2026-56072 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
CVE-2026-57312 2 Wordpress, Wpeverest 2 Wordpress, Everest Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
CVE-2026-57313 2 Surecart, Wordpress 2 Surecart, Wordpress 2026-06-26 6.5 Medium
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.