Export limit exceeded: 85518 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85518 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42664 | 2 Motive Commerce Search, Wordpress | 2 Ai Product Search For Woocommerce – Motive Commerce Search, Wordpress | 2026-06-23 | 8.2 High |
| Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | ||||
| CVE-2026-42666 | 2 Dimitri Grassi, Wordpress | 2 Salon Booking System, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | ||||
| CVE-2026-48835 | 2 Awesomemotive, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. | ||||
| CVE-2026-48868 | 2 Mra13 / Team Tips And Tricks Hq, Wordpress | 2 Simple Shopping Cart, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions. | ||||
| CVE-2026-48871 | 2 Takashi Kitajima, Wordpress | 2 Mw Wp Form, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions. | ||||
| CVE-2026-48876 | 2 Web Guy, Wordpress | 2 Stop Spammers, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions. | ||||
| CVE-2026-48889 | 2 Tms, Wordpress | 2 Amelia, Wordpress | 2026-06-23 | 8.8 High |
| Subscriber Privilege Escalation in Amelia <= 2.3 versions. | ||||
| CVE-2026-48966 | 2 Funnelkit, Wordpress | 2 Funnel Builder By Funnelkit, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. | ||||
| CVE-2026-49063 | 2 Webilia Inc., Wordpress | 2 Listdom, Wordpress | 2026-06-23 | 7.3 High |
| Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. | ||||
| CVE-2026-49066 | 2 Conekta Group, Wordpress | 2 Conekta Payment Gateway, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. | ||||
| CVE-2026-49070 | 2 Knit Pay, Wordpress | 2 Knit Pay, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. | ||||
| CVE-2026-49082 | 2 Chatway Live Chat, Wordpress | 2 Chatway Live Chat – Ai Chatbot, Customer Support, Faq & Helpdesk Customer Service & Chat Buttons, Wordpress | 2026-06-23 | 7.4 High |
| Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. | ||||
| CVE-2026-49780 | 2 Dokan, Inc., Wordpress | 2 Dokan, Wordpress | 2026-06-23 | 8.8 High |
| Customer Privilege Escalation in Dokan <= 5.0.2 versions. | ||||
| CVE-2026-52692 | 2 Wordpress, Wp.insider | 2 Wordpress, Affiliates Manager | 2026-06-23 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | ||||
| CVE-2026-52694 | 2 Wordpress, Wp E-signature | 2 Wordpress, Signature Add-on For Woocommerce | 2026-06-23 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | ||||
| CVE-2026-52695 | 2 Al Monsor, Wordpress | 2 Abc Crypto Checkout, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | ||||
| CVE-2026-52700 | 2 Wcmultishipping – Mondial Relay & Chronopost For Wooommerce, Wordpress | 2 Wcmultishipping, Wordpress | 2026-06-23 | 8.5 High |
| Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | ||||
| CVE-2026-52702 | 2 Wordpress, Wp-buy | 2 Wordpress, Seo Redirection | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | ||||
| CVE-2026-48723 | 1 Browserstack | 1 Browserstack-cypress-cli | 2026-06-23 | 7.8 High |
| The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6. | ||||
| CVE-2026-6933 | 2 Premmerce, Wordpress | 2 Premmerce Dev Tools, Wordpress | 2026-06-23 | 8.8 High |
| The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the 'createFromStub' function performing unsanitized string substitution of the 'premmerce_plugin_namespace' parameter directly into PHP stub files written to the wp-content/plugins/ directory. An attacker can inject a semicolon followed by arbitrary PHP code into the namespace parameter, causing the generated plugin file to contain and execute that code when accessed via HTTP. This makes it possible for authenticated attackers with Subscriber-level access and above to create arbitrary PHP files on the server and achieve remote code execution. | ||||