Export limit exceeded: 46531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11921 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 14075 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (14075 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39508 2 Josh Kohlbach, Wordpress 2 Advanced Coupons For Woocommerce Coupons, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1.1.
CVE-2026-39476 2 Syed Balkhi, Wordpress 2 User Feedback, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.
CVE-2026-39495 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27.
CVE-2026-39496 2 Wordpress, Yaycommerce 2 Wordpress, Yaymail 2026-04-24 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3.
CVE-2026-39517 2 Awplife, Wordpress 2 Blog Filter, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6.
CVE-2026-39516 2 Posimyth, Wordpress 2 Nexter Blocks, Wordpress 2026-04-24 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
CVE-2026-34885 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34.
CVE-2026-34887 2 Extendthemes, Wordpress 2 Kubio Ai Page Builder, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0.
CVE-2026-34889 2 Brainstormforce, Wordpress 2 Ultimate Addons For Wpbakery Page Builder, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4.
CVE-2026-39541 2 Themefic, Wordpress 2 Hydra Booking, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38.
CVE-2026-39575 2 Ronald Huereca, Wordpress 2 Custom Query Blocks, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0.
CVE-2026-39542 2 Doofinder, Wordpress 2 Doofinder For Woocommerce, Wordpress 2026-04-24 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13.
CVE-2026-39570 2 Aa Web Servant, Wordpress 2 12 Step Meeting List, Wordpress 2026-04-24 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.
CVE-2026-39538 2 Mikado-themes, Wordpress 2 Mikado Core, Wordpress 2026-04-24 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6.
CVE-2026-39586 2 Ateeq Rafeeq, Wordpress 2 Repairbuddy, Wordpress 2026-04-24 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132.
CVE-2026-39571 2 Themefic, Wordpress 2 Instantio, Wordpress 2026-04-24 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.
CVE-2026-39543 2 Themefic, Wordpress 2 Tourfic, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.
CVE-2026-39544 2 Themestek, Wordpress 2 Labtechco, Wordpress 2026-04-24 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3.
CVE-2026-39564 2 Sunshinephotocart, Wordpress 2 Sunshine Photo Cart, Wordpress 2026-04-24 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2.
CVE-2026-39569 2 Aa Web Servant, Wordpress 2 12 Step Meeting List, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.