Export limit exceeded: 19681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39483 | 2 Hidekazu Ishikawa, Wordpress | 2 Vk All In One Expansion Unit, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3. | ||||
| CVE-2026-39484 | 2 John Darrel, Wordpress | 2 Hide My Wp Ghost, Wordpress | 2026-04-24 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00. | ||||
| CVE-2026-39485 | 2 Embedplus, Wordpress | 2 Youtube Embed Plus, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through <= 14.2.4. | ||||
| CVE-2026-39487 | 2 Ameliabooking, Wordpress | 2 Amelia, Wordpress | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.1.1. | ||||
| CVE-2026-39496 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaymail | 2026-04-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3. | ||||
| CVE-2026-39500 | 2 Themesflat, Wordpress | 2 Themesflat Addons For Elementor, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.3.2. | ||||
| CVE-2026-39505 | 2 Craig Hewitt, Wordpress | 2 Seriously Simple Podcasting, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.2. | ||||
| CVE-2026-39509 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10. | ||||
| CVE-2026-39516 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-04-24 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0. | ||||
| CVE-2026-39517 | 2 Awplife, Wordpress | 2 Blog Filter, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6. | ||||
| CVE-2026-39521 | 2 Nelio Software, Wordpress | 2 Nelio Content, Wordpress | 2026-04-24 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1. | ||||
| CVE-2026-39538 | 2 Mikado-themes, Wordpress | 2 Mikado Core, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6. | ||||
| CVE-2026-39541 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38. | ||||
| CVE-2026-39542 | 2 Doofinder, Wordpress | 2 Doofinder For Woocommerce, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13. | ||||
| CVE-2026-39543 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4. | ||||
| CVE-2026-39544 | 2 Themestek, Wordpress | 2 Labtechco, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3. | ||||
| CVE-2026-39569 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9. | ||||
| CVE-2026-39570 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9. | ||||
| CVE-2026-39575 | 2 Ronald Huereca, Wordpress | 2 Custom Query Blocks, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0. | ||||
| CVE-2026-39586 | 2 Ateeq Rafeeq, Wordpress | 2 Repairbuddy, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132. | ||||