Export limit exceeded: 336986 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336986 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25357 | 2 Azzaroco, Wordpress | 2 Ultimate Membership Pro, Wordpress | 2026-03-26 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7. | ||||
| CVE-2026-25371 | 2 King-theme, Wordpress | 2 Lumise Product Designer, Wordpress | 2026-03-26 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through < 2.0.9. | ||||
| CVE-2026-25380 | 2 Jwsthemes, Wordpress | 2 Feedy, Wordpress | 2026-03-26 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion.This issue affects Feedy: from n/a through < 2.1.5. | ||||
| CVE-2026-25382 | 2 Jwsthemes, Wordpress | 2 Idealauto, Wordpress | 2026-03-26 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6. | ||||
| CVE-2026-25396 | 2 Coderpress, Wordpress | 2 Commerce Coinbase For Woocommerce, Wordpress | 2026-03-26 | N/A |
| Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6. | ||||
| CVE-2026-25397 | 2 Snowray Software, Wordpress | 2 File Uploader For Woocommerce, Wordpress | 2026-03-26 | N/A |
| Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4. | ||||
| CVE-2026-25401 | 2 Arni Cinco, Wordpress | 2 Wpcargo Track & Trace, Wordpress | 2026-03-26 | N/A |
| Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||||
| CVE-2026-25413 | 2 Iqonicdesign, Wordpress | 2 Wpbookit Pro, Wordpress | 2026-03-26 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | ||||
| CVE-2026-25447 | 2 Jonathan Daggerhart, Wordpress | 2 Widget Wrangler, Wordpress | 2026-03-26 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9. | ||||
| CVE-2026-25460 | 2 Liquidthemes, Wordpress | 2 Ave Core, Wordpress | 2026-03-26 | N/A |
| Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1. | ||||
| CVE-2026-27039 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-03-26 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through <= 14.0.31. | ||||
| CVE-2026-27044 | 2 Totalsuite, Wordpress | 2 Total Poll Lite, Wordpress | 2026-03-26 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0. | ||||
| CVE-2026-27051 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2026-03-26 | N/A |
| Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0. | ||||
| CVE-2026-32485 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2026-03-26 | N/A |
| Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8. | ||||
| CVE-2026-32493 | 2 Eyecix, Wordpress | 2 Jobsearch, Wordpress | 2026-03-26 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 3.2.0. | ||||
| CVE-2026-32495 | 2 Linksoftwarellc, Wordpress | 2 Wp Terms Popup, Wordpress | 2026-03-26 | N/A |
| Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0. | ||||
| CVE-2026-32504 | 2 Creativews, Wordpress | 2 Vintwood, Wordpress | 2026-03-26 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8. | ||||
| CVE-2026-32520 | 2 Andrew Munro / Affiliatewp, Wordpress | 2 Rewardswp, Wordpress | 2026-03-26 | N/A |
| Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4. | ||||
| CVE-2026-4822 | 1 Enter Software | 1 Iperius Backup | 2026-03-26 | 7 High |
| A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2025-0876 | 2026-03-26 | 4.1 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site Scripting (XSS).This issue affects IT's Workif: through 20251003. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||