Export limit exceeded: 13894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13894 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57325 2 Jellywp, Wordpress 2 Nanomag, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVE-2026-57430 2 Seopress Free, Wordpress 2 Seopress Pro, Wordpress 2026-06-29 4.3 Medium
Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
CVE-2026-57618 2 Themeisle, Wordpress 2 Neve Pro, Wordpress 2026-06-29 6.5 Medium
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
CVE-2026-57627 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-06-29 4.9 Medium
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
CVE-2026-57633 2 Wcboost, Wordpress 2 Wcboost – Products Compare, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.
CVE-2026-57635 2 Funnelkit, Wordpress 2 Funnelkit Payment Gateway For Stripe Woocommerce, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.
CVE-2026-57638 2 Wordpress, Wpmanageninja 2 Wordpress, Fluent Booking 2026-06-29 6.5 Medium
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
CVE-2026-57644 2 Jetmonsters, Wordpress 2 Restaurant Menu By Motopress, Wordpress 2026-06-29 8.5 High
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
CVE-2026-57647 2 Bplugins, Wordpress 2 Panorama Viewer – 360 Degree Image + Video Viewer, Wordpress 2026-06-29 7.5 High
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.
CVE-2026-57651 2 Nk, Wordpress 2 Ghost Kit, Wordpress 2026-06-29 6.5 Medium
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
CVE-2026-57655 2 Jay Versluis, Wordpress 2 Child Theme Wizard, Wordpress 2026-06-29 8.2 High
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-57656 2 Peregrinethemes, Wordpress 2 Hester Core, Wordpress 2026-06-29 5.9 Medium
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
CVE-2026-57657 2 Noor Alam, Wordpress 2 Gmail Smtp, Wordpress 2026-06-29 4.3 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
CVE-2026-57659 2 Stranger Studios, Wordpress 2 Paid Memberships Pro - Add Member From Admin, Wordpress 2026-06-29 8.8 High
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
CVE-2026-57664 2 Villatheme, Wordpress 2 Bopo – Woocommerce Product Bundle Builder, Wordpress 2026-06-29 4.3 Medium
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.
CVE-2026-57665 2 Gravitykit, Wordpress 2 Gravityview, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57667 2 Adrian Tobey, Wordpress 2 Groundhogg, Wordpress 2026-06-29 8.5 High
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
CVE-2026-13335 2 Codepeople, Wordpress 2 Codepeople Post Map For Google Maps, Wordpress 2026-06-29 6.4 Medium
The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-13245 2 Maxfoundry, Wordpress 2 Maxbuttons – Create Buttons, Wordpress 2026-06-29 6.1 Medium
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2026-9677 2 Shariff For Wordpress, Wordpress 2 Shariff For Wordpress, Wordpress 2026-06-29 4.8 Medium
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff() function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).