Export limit exceeded: 46085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11687 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13811 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56030 | 2 Paytium, Wordpress | 2 Paytium, Wordpress | 2026-06-29 | 9.8 Critical |
| Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. | ||||
| CVE-2026-56034 | 2 Owthub, Wordpress | 2 Library Management System, Wordpress | 2026-06-29 | 9.3 Critical |
| Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions. | ||||
| CVE-2026-56046 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-06-29 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions. | ||||
| CVE-2026-56048 | 1 Wordpress | 2 Payment Gateway Based Fees And Discounts For Woocommerce, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions. | ||||
| CVE-2026-56057 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2026-06-29 | 9.8 Critical |
| Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions. | ||||
| CVE-2026-56067 | 2 Jetimpex Inc., Wordpress | 2 Jetsmartfilters, Wordpress | 2026-06-29 | 9.3 Critical |
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | ||||
| CVE-2026-56068 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-06-29 | 9.3 Critical |
| Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions. | ||||
| CVE-2026-57315 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2026-06-29 | 8.5 High |
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions. | ||||
| CVE-2026-57431 | 2 Mer.vin, Wordpress | 2 Featured Image, Wordpress | 2026-06-29 | 6.5 Medium |
| Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions. | ||||
| CVE-2026-57628 | 2 Wordpress, Wpallimport | 2 Wordpress, Wp All Import | 2026-06-29 | 7.6 High |
| Administrator SQL Injection in WP All Import <= 4.0.1 versions. | ||||
| CVE-2026-57630 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. | ||||
| CVE-2026-57632 | 2 Omnisend, Wordpress | 2 Email Marketing For Woocommerce, Wordpress | 2026-06-29 | 5.4 Medium |
| Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. | ||||
| CVE-2026-57640 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2026-06-29 | 4.3 Medium |
| Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. | ||||
| CVE-2026-57641 | 2 Contempothemes, Wordpress | 2 Real Estate 7, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. | ||||
| CVE-2026-57645 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2026-06-29 | 8.1 High |
| newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-57649 | 2 Studiowombat, Wordpress | 2 Shoppable Images, Wordpress | 2026-06-29 | 4.3 Medium |
| Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. | ||||
| CVE-2026-57660 | 2 Magepeople, Wordpress | 2 Booking & Rental Manager, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions. | ||||
| CVE-2026-57663 | 2 Really-simple-plugins, Wordpress | 2 Recipe Maker For Your Food Blog From Zip Recipes, Wordpress | 2026-06-29 | 8.5 High |
| Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | ||||
| CVE-2026-12404 | 2 Webaways, Wordpress | 2 Nex-forms-ultimate-forms-plugin, Wordpress | 2026-06-29 | 5.3 Medium |
| The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to enumerate sequential report IDs and download complete form submission data — including names, email addresses, phone numbers, postal addresses, payment details, and uploaded file paths — for any saved report on the site. | ||||
| CVE-2026-10820 | 2 Properfraction, Wordpress | 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress | 2026-06-29 | 8.1 High |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference. | ||||