CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 346818 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32534	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-04-24	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3.
CVE-2026-32533	2 Latepoint, Wordpress	2 Latepoint, Wordpress	2026-04-24	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6.
CVE-2026-32530	2 Wordpress, Wpfunnels	2 Wordpress, Creator Lms	2026-04-24	8.8 High
Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.
CVE-2026-32528	2 Don-themes, Wordpress	2 Riode, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
CVE-2026-32526	2 Villatheme, Wordpress	2 Abandoned Cart Recovery For Woocommerce, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.10.
CVE-2026-32525	2 Jetmonsters, Wordpress	2 Jetformbuilder, Wordpress	2026-04-24	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1.
CVE-2026-32524	2 Jordy Meow, Wordpress	2 Photo Engine, Wordpress	2026-04-24	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9.
CVE-2026-32522	2 Vanquish, Wordpress	2 Woocommerce Support Ticket System, Wordpress	2026-04-24	8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.
CVE-2026-32520	2 Andrew Munro / Affiliatewp, Wordpress	2 Rewardswp, Wordpress	2026-04-24	9.8 Critical
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4.
CVE-2026-32516	2 Kamleshyadav, Wordpress	2 Miraculous Core Plugin, Wordpress	2026-04-24	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2.
CVE-2026-32514	2 Anton Voytenko, Wordpress	2 Petitioner, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3.
CVE-2026-32512	2 Edge-themes, Wordpress	2 Pelicula, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.
CVE-2026-32511	2 Mikado-themes, Wordpress	2 Stål, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7.
CVE-2026-32510	2 Edge-themes, Wordpress	2 Kamperen, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
CVE-2026-32506	2 Edge-themes, Wordpress	2 Archicon, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.
CVE-2026-32504	2 Creativews, Wordpress	2 Vintwood, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8.
CVE-2026-32503	2 Creativews, Wordpress	2 Trendustry, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through <= 1.1.4.
CVE-2026-32502	2 Select-themes, Wordpress	2 Borgholm, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6.
CVE-2026-32501	2 Wordpress, Wp-configurator	2 Wordpress, Wp Configurator Pro	2026-04-24	7.1 High
Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through <= 3.7.9.
CVE-2026-32500	2 Creativews, Wordpress	2 Metamax, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through <= 1.1.4.

« first previous Page 115 of 17341. next last »