Export limit exceeded: 14170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (14170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-1834 2 Vowelweb, Wordpress 2 Ibtana – Wordpress Website Builder, Wordpress 2026-04-24 6.4 Medium
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-4257 2 Supsysticcom, Wordpress 2 Contact Form By Supsystic, Wordpress 2026-04-24 9.8 Critical
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig `Twig_Loader_String` template engine without sandboxing, combined with the `cfsPreFill` prefill functionality that allows unauthenticated users to inject arbitrary Twig expressions into form field values via GET parameters. This makes it possible for unauthenticated attackers to execute arbitrary PHP functions and OS commands on the server by leveraging Twig's `registerUndefinedFilterCallback()` method to register arbitrary PHP callbacks.
CVE-2026-39508 2 Josh Kohlbach, Wordpress 2 Advanced Coupons For Woocommerce Coupons, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1.1.
CVE-2026-39466 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform 2 Wordpress, Broken Link Checker 2026-04-24 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7.
CVE-2026-39526 2 Wordpress, Wpstream 2 Wordpress, Wpstream 2026-04-24 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.
CVE-2026-34897 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through 3.34.
CVE-2026-34896 2 Analytify, Wordpress 2 Under Construction, Coming Soon & Maintenance Mode, Wordpress 2026-04-24 7.5 High
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1.
CVE-2026-39521 2 Nelio Software, Wordpress 2 Nelio Content, Wordpress 2026-04-24 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.
CVE-2026-39464 2 Seedprod, Wordpress 2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress 2026-04-24 5.5 Medium
Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-34899 2 Eniture Technology, Wordpress 2 Ltl Freight Quotes – Worldwide Express Edition, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1.
CVE-2026-39509 2 Wordpress, Wpwax 2 Wordpress, Directorist 2026-04-24 5.3 Medium
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
CVE-2026-39517 2 Awplife, Wordpress 2 Blog Filter, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6.
CVE-2026-39473 2 Pär Thernström, Wordpress 2 Simple History, Wordpress 2026-04-24 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0.
CVE-2026-39516 2 Posimyth, Wordpress 2 Nexter Blocks, Wordpress 2026-04-24 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
CVE-2026-34904 2 Analytify, Wordpress 2 Simple Social Media Share Buttons, Wordpress 2026-04-24 7.5 High
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0.
CVE-2026-34903 2 Oceanwp, Wordpress 2 Ocean Extra, Wordpress 2026-04-24 5.4 Medium
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3.
CVE-2026-34889 2 Brainstormforce, Wordpress 2 Ultimate Addons For Wpbakery Page Builder, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4.
CVE-2026-34887 2 Extendthemes, Wordpress 2 Kubio Ai Page Builder, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0.
CVE-2026-34885 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34.
CVE-2026-39487 2 Ameliabooking, Wordpress 2 Amelia, Wordpress 2026-04-24 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.1.1.