CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 346685 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24978	2 Nootheme, Wordpress	2 Jobica Core, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection.This issue affects Jobica Core: from n/a through <= 1.4.1.
CVE-2026-24983	2 Upsolution, Wordpress	2 Upsolution Core, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution UpSolution Core us-core allows Reflected XSS.This issue affects UpSolution Core: from n/a through <= 8.41.
CVE-2026-24993	2 Wordpress, Wpfactory	2 Wordpress, Advanced Woocommerce Product Sales Reporting	2026-04-24	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3.
CVE-2026-25001	2 Saad Iqbal, Wordpress	2 Post Snippets, Wordpress	2026-04-24	8.5 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through <= 4.0.12.
CVE-2026-25009	2 Rarathemes, Wordpress	2 Education Zone, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8.
CVE-2026-25017	2 Stmcan, Wordpress	2 Naturalife Extensions, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion.This issue affects NaturaLife Extensions: from n/a through <= 2.1.
CVE-2026-25018	2 Stmcan, Wordpress	2 Naturalife Extensions, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1.
CVE-2026-25026	2 Radiustheme, Wordpress	2 Team, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11.
CVE-2026-25029	2 Park Of Ideas, Wordpress	2 Kidz, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection.This issue affects KIDZ: from n/a through <= 5.24.
CVE-2026-25034	2 Iqonic, Wordpress	2 Kivicare, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16.
CVE-2026-25035	2 Wasiliy Strecker / Contestgallery Developer, Wordpress	2 Contest Gallery, Wordpress	2026-04-24	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2.
CVE-2026-25309	2 Publishpress, Wordpress	2 Publishpress Authors, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
CVE-2026-25327	2 Rustaurius, Wordpress	2 Five Star Restaurant Reservations, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.9.
CVE-2026-25334	2 Wordpress, Wordpresschef	2 Wordpress, Salon Booking System Pro	2026-04-24	8.1 High
Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12.
CVE-2026-25341	2 Rsjoomla, Wordpress	2 Rsfirewall!, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.
CVE-2026-25342	2 Kutethemes, Wordpress	2 Boutique, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through < 2.4.6.
CVE-2026-25344	2 Radiustheme, Wordpress	2 Review Schema, Wordpress	2026-04-24	6.5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.
CVE-2026-25350	2 Skygroup, Wordpress	2 Miti, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.
CVE-2026-25351	2 Skygroup, Wordpress	2 Mymedi, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through < 1.7.7.
CVE-2026-25354	2 Skygroup, Wordpress	2 Reebox, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8.

« first previous Page 103 of 17335. next last »