Export limit exceeded: 13799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13799 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57683 2 Epsiloncool, Wordpress 2 Wp Fast Total Search, Wordpress 2026-07-06 9.3 Critical
Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.
CVE-2026-57684 2 Tranmautritam, Wordpress 2 Thefox, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.
CVE-2026-57685 2 Drfuri, Wordpress 2 Martfury - Woocommerce Marketplace Wordpress Theme, Wordpress 2026-07-06 4.3 Medium
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions.
CVE-2026-57686 2 Wordpress, Wpxpo 2 Wordpress, Wowaddons 2026-07-06 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.
CVE-2026-57688 2 Gurmehub, Wordpress 2 Pos Entegratör, Wordpress 2026-07-06 8.2 High
Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions.
CVE-2026-57689 2 Fuelthemes, Wordpress 2 Werkstatt, Wordpress 2026-07-06 4.3 Medium
Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions.
CVE-2026-57690 2 Fuelthemes, Wordpress 2 Werkstatt, Wordpress 2026-07-06 4.3 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions.
CVE-2026-57748 2 Shopify Help Center, Wordpress 2 Shopify, Wordpress 2026-07-06 7.5 High
Contributor Local File Inclusion in Shopify <= 1.0.0 versions.
CVE-2026-57750 2 Keksdieb, Wordpress 2 Ez Form Calculator Premium, Wordpress 2026-07-06 5.3 Medium
Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions.
CVE-2026-57751 2 Heateor Support, Wordpress 2 Heateor Social Login, Wordpress 2026-07-06 8.1 High
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.
CVE-2026-57753 2 Nathanbarry, Wordpress 2 Kit (formerly Convertkit) For Woocommerce, Wordpress 2026-07-06 5.3 Medium
Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.
CVE-2026-57755 2 Misbah Wp, Wordpress 2 Mosaic Gallery – Advanced Gallery, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in Mosaic Gallery &#8211; Advanced Gallery <= 1.2.0 versions.
CVE-2026-57756 2 Wordpress, 友人a丶 2 Wordpress, Nicen-localize-image 2026-07-06 8.5 High
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
CVE-2026-57757 2 Ploudapp, Wordpress 2 Pcloud Wp Backup, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
CVE-2026-57761 2 Blueastralthemes, Wordpress 2 Seowp, Wordpress 2026-07-06 7.1 High
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
CVE-2026-57762 2 Andrew Fiebert, Wordpress 2 Simple Urls, Wordpress 2026-07-06 5.9 Medium
Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
CVE-2026-57763 2 Gordon Böhme, Wordpress 2 Structured Content, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
CVE-2026-57764 2 Surbma, Wordpress 2 Surbma | Yoast Seo Breadcrumb Shortcode, Wordpress 2026-07-06 6.5 Medium
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
CVE-2026-57760 2 Sendcloud, Wordpress 2 Sendcloud Shipping, Wordpress 2026-07-06 5.3 Medium
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29.
CVE-2026-12734 2 Wedevs, Wordpress 2 Wedocs: Ai Powered Knowledge Base, Docs, Documentation, Wiki & Ai Chatbot, Wordpress 2026-07-06 6.4 Medium
The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'connectorWidth' Block Attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.