Export limit exceeded: 330882 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (330882 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28115 | 2 Loopus, Wordpress | 2 Wp Attractive Donations System - Easy Stripe & Paypal Donations, Wordpress | 2026-03-06 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Blind SQL Injection.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. | ||||
| CVE-2026-28117 | 2 Axiomthemes, Wordpress | 2 Smart Seo, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through <= 2.9. | ||||
| CVE-2026-28118 | 2 Axiomthemes, Wordpress | 2 Welldone, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affects Welldone: from n/a through <= 2.4. | ||||
| CVE-2026-28119 | 2 Axiomthemes, Wordpress | 2 Nirvana, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nirvana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through <= 2.6. | ||||
| CVE-2026-28120 | 2 Themerex, Wordpress | 2 Dr.patterson, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue affects Dr.Patterson: from n/a through <= 1.3.2. | ||||
| CVE-2026-28121 | 2 Ancorathemes, Wordpress | 2 Anderson, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through <= 1.4.2. | ||||
| CVE-2026-28122 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8. | ||||
| CVE-2026-28123 | 2 Ancorathemes, Wordpress | 2 Veil, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9. | ||||
| CVE-2026-28124 | 2 Ancorathemes, Wordpress | 2 Notarius, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through <= 1.9. | ||||
| CVE-2026-28125 | 2 Ancorathemes, Wordpress | 2 Midi, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi: from n/a through <= 1.14. | ||||
| CVE-2026-28126 | 2 Sizam, Wordpress | 2 Rh Frontend Publishing Pro, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through <= 4.3.2. | ||||
| CVE-2026-28127 | 2 E-plugins, Wordpress | 2 Lawyer Directory, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through <= 1.3.2. | ||||
| CVE-2026-28128 | 2 Themerex, Wordpress | 2 Verse, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: from n/a through <= 1.7.0. | ||||
| CVE-2026-28129 | 2 Axiomthemes, Wordpress | 2 Little Birdies, Wordpress | 2026-03-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This issue affects Little Birdies: from n/a through <= 1.3.16. | ||||
| CVE-2026-28130 | 2 Andondesign, Wordpress | 2 Udesign, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through <= 4.14.0. | ||||
| CVE-2026-28134 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-03-06 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2. | ||||
| CVE-2026-28137 | 2 Quanticalabs, Wordpress | 2 Medicenter - Health Medical Clinic, Wordpress | 2026-03-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affects MediCenter - Health Medical Clinic: from n/a through <= 14.9. | ||||
| CVE-2026-2418 | 2 Login With Salesforce, Wordpress | 2 Login With Salesforce, Wordpress | 2026-03-06 | 9.1 Critical |
| The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as admin) by simply knowing the email | ||||
| CVE-2026-28537 | 1 Huawei | 1 Harmonyos | 2026-03-06 | 5.1 Medium |
| Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-2893 | 2 Carlosfazenda, Wordpress | 2 Page And Post Clone, Wordpress | 2026-03-06 | 6.5 Medium |
| The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_clone() function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta_key value and insufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The injection is second-order: the malicious payload is stored as a post meta key and executed when the post is cloned. | ||||