Export limit exceeded: 13808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13808 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57323 2 Bplugins, Wordpress 2 Flash & Html5 Video, Wordpress 2026-06-29 5.8 Medium
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.
CVE-2026-57325 2 Jellywp, Wordpress 2 Nanomag, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVE-2026-57430 2 Seopress Free, Wordpress 2 Seopress Pro, Wordpress 2026-06-29 4.3 Medium
Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
CVE-2026-57618 2 Themeisle, Wordpress 2 Neve Pro, Wordpress 2026-06-29 6.5 Medium
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
CVE-2026-57627 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-06-29 4.9 Medium
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
CVE-2026-57633 2 Wcboost, Wordpress 2 Wcboost – Products Compare, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.
CVE-2026-57635 2 Funnelkit, Wordpress 2 Funnelkit Payment Gateway For Stripe Woocommerce, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.
CVE-2026-57638 2 Wordpress, Wpmanageninja 2 Wordpress, Fluent Booking 2026-06-29 6.5 Medium
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
CVE-2026-57644 2 Jetmonsters, Wordpress 2 Restaurant Menu By Motopress, Wordpress 2026-06-29 8.5 High
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
CVE-2026-57647 2 Bplugins, Wordpress 2 Panorama Viewer – 360 Degree Image + Video Viewer, Wordpress 2026-06-29 7.5 High
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.
CVE-2026-57651 2 Nk, Wordpress 2 Ghost Kit, Wordpress 2026-06-29 6.5 Medium
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
CVE-2026-57655 2 Jay Versluis, Wordpress 2 Child Theme Wizard, Wordpress 2026-06-29 8.2 High
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-57656 2 Peregrinethemes, Wordpress 2 Hester Core, Wordpress 2026-06-29 5.9 Medium
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
CVE-2026-57657 2 Noor Alam, Wordpress 2 Gmail Smtp, Wordpress 2026-06-29 4.3 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
CVE-2026-57659 2 Stranger Studios, Wordpress 2 Paid Memberships Pro - Add Member From Admin, Wordpress 2026-06-29 8.8 High
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
CVE-2026-57664 2 Villatheme, Wordpress 2 Bopo – Woocommerce Product Bundle Builder, Wordpress 2026-06-29 4.3 Medium
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.
CVE-2026-57665 2 Gravitykit, Wordpress 2 Gravityview, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57667 2 Adrian Tobey, Wordpress 2 Groundhogg, Wordpress 2026-06-29 8.5 High
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
CVE-2026-13335 2 Codepeople, Wordpress 2 Codepeople Post Map For Google Maps, Wordpress 2026-06-29 6.4 Medium
The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-13245 2 Maxfoundry, Wordpress 2 Maxbuttons – Create Buttons, Wordpress 2026-06-29 6.1 Medium
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.