Export limit exceeded: 16525 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (14083 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25304 2 Skygroup, Wordpress 2 Jaroti, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Jaroti jaroti allows Reflected XSS.This issue affects Jaroti: from n/a through < 1.4.8.
CVE-2026-25354 2 Skygroup, Wordpress 2 Reebox, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8.
CVE-2026-25355 2 Skygroup, Wordpress 2 Sanzo, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3.
CVE-2026-25356 2 Skygroup, Wordpress 2 Yobazar, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7.
CVE-2026-25357 2 Azzaroco, Wordpress 2 Ultimate Membership Pro, Wordpress 2026-04-24 8.1 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7.
CVE-2026-25358 2 Rascals, Wordpress 2 Meloo, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2.
CVE-2026-2580 2 Flippercode, Wordpress 3 Google Map, Wp Maps – Store Locator,google Maps,openstreetmap,mapbox,listing,directory & Filters, Wordpress 2026-04-24 7.5 High
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-25359 2 Rascals, Wordpress 2 Pendulum, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.
CVE-2026-25360 2 Rascals, Wordpress 2 Vex, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9.
CVE-2026-25361 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through <= 5.1.4.
CVE-2026-25365 2 Wordpress, Özgür Karalar 2 Wordpress, Kargo Takip 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4.
CVE-2026-25366 2 Themeisle, Wordpress 2 Woody Ad Snippets, Wordpress 2026-04-24 9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through <= 2.7.1.
CVE-2026-25334 2 Wordpress, Wordpresschef 2 Wordpress, Salon Booking System Pro 2026-04-24 8.1 High
Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12.
CVE-2026-25328 2 Add-ons.org, Wordpress 2 Product File Upload For Woocommerce, Wordpress 2026-04-24 6.8 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal.This issue affects Product File Upload for WooCommerce: from n/a through <= 2.2.4.
CVE-2026-24964 2 Wasiliy Strecker / Contestgallery Developer, Wordpress 2 Contest Gallery, Wordpress 2026-04-24 6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.1.2.1.
CVE-2026-24968 2 Wordpress, Xagio 2 Wordpress, Xagio Seo 2026-04-24 9.8 Critical
Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30.
CVE-2026-24969 2 Designingmedia, Wordpress 2 Instant Va, Wordpress 2026-04-24 7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a through <= 1.0.1.
CVE-2026-24970 2 Designingmedia, Wordpress 2 Energox, Wordpress 2026-04-24 7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.2.
CVE-2026-24971 2 Elated-themes, Wordpress 2 Search And Go Theme, Wordpress 2026-04-24 9.8 Critical
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.
CVE-2026-24972 2 Elated-themes, Wordpress 2 Elated Listing, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through <= 1.4.