Export limit exceeded: 14142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (14142 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25375 2 Wordpress, Wpchill 2 Wordpress, Image Photo Gallery Final Tiles Grid 2026-04-16 4.3 Medium
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10.
CVE-2026-25384 2 Wordpress, Wplab 2 Wordpress, Wp-lister Lite For Ebay 2026-04-16 5.3 Medium
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.
CVE-2026-25389 2 Metagauss, Wordpress 2 Eventprime, Wordpress 2026-04-16 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.
CVE-2026-25391 2 Wordpress, Wp Grids 2 Wordpress, Wp Wand 2026-04-16 5.4 Medium
Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07.
CVE-2026-25394 2 Sparklewpthemes, Wordpress 2 Fitness Fse, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6.
CVE-2026-25399 2 Cryoutcreations, Wordpress 2 Serious Slider, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.
CVE-2026-25402 2 Echoplugins, Wordpress 2 Knowledge Base For Documentation, Faqs With Ai Assistance, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= 16.011.0.
CVE-2026-25404 2 Automattic, Wordpress 2 Wp Job Manager, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0.
CVE-2026-25409 2 Crgeary, Wordpress 2 Jamstack Deployments, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through <= 1.1.1.
CVE-2026-25410 2 Tstephenson, Wordpress 2 Wp-cors, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.
CVE-2026-25415 2 Iqonicdesign, Wordpress 2 Wpbookit Pro, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18.
CVE-2006-2702 1 Wordpress 1 Wordpress 2026-04-16 N/A
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
CVE-2005-1102 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
CVE-2005-2612 1 Wordpress 1 Wordpress 2026-04-16 N/A
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2006-0733 1 Wordpress 1 Wordpress 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability
CVE-2006-1796 1 Wordpress 1 Wordpress 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
CVE-2006-2667 1 Wordpress 1 Wordpress 2026-04-16 N/A
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVE-2004-1584 1 Wordpress 1 Wordpress 2026-04-16 N/A
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
CVE-2005-4463 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.
CVE-2005-1810 1 Wordpress 1 Wordpress 2026-04-16 N/A
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.