Search
Search Results (13598 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39554 | 2 Elated-themes, Wordpress | 2 Fidalgo, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions. | ||||
| CVE-2026-39567 | 2 Select-themes, Wordpress | 2 Santé, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions. | ||||
| CVE-2026-39568 | 2 Elated-themes, Wordpress | 2 Mr Seo, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions. | ||||
| CVE-2026-39577 | 2 Elated-themes, Wordpress | 2 Playroom, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions. | ||||
| CVE-2026-39578 | 2 Elated-themes, Wordpress | 2 Valiance, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Valiance <= 1.2 versions. | ||||
| CVE-2026-39580 | 2 Select-themes, Wordpress | 2 Micdrop, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions. | ||||
| CVE-2026-40751 | 2 Mikado-themes, Wordpress | 2 Ashtanga, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions. | ||||
| CVE-2026-40755 | 2 Mikado-themes, Wordpress | 2 Techlink, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in TechLink <= 1.3 versions. | ||||
| CVE-2026-40758 | 2 Elated-themes, Wordpress | 2 Léonie, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions. | ||||
| CVE-2026-40759 | 2 Mikado-themes, Wordpress | 2 Esmée, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Esmée <= 1.4 versions. | ||||
| CVE-2026-7850 | 2 Wordpress, Wp Magnific Popup | 2 Wordpress, Wp Magnific Popup | 2026-06-26 | 5.9 Medium |
| The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user. | ||||
| CVE-2026-8383 | 2 Learnpress, Wordpress | 2 Learnpress, Wordpress | 2026-06-26 | 5.3 Medium |
| The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request | ||||
| CVE-2025-58952 | 2 Themerex, Wordpress | 2 Neuronet, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions. | ||||
| CVE-2025-58953 | 2 Themerex, Wordpress | 2 Joly, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions. | ||||
| CVE-2025-58954 | 2 Themerex, Wordpress | 2 Homeroofer, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. | ||||
| CVE-2025-69117 | 2 Themerex, Wordpress | 2 Ingenioso, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions. | ||||
| CVE-2025-69145 | 2 Themerex, Wordpress | 2 Gat, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Gat <= 1.16 versions. | ||||
| CVE-2025-69148 | 2 Themerex, Wordpress | 2 Quirky, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. | ||||
| CVE-2025-69172 | 2 Themerex, Wordpress | 2 Resurs, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. | ||||
| CVE-2025-69173 | 2 Themerex, Wordpress | 2 Tipsy, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions. | ||||