CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 340935 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22506	2 Elated-themes, Wordpress	2 Amoli, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Amoli: from n/a through <= 1.0.
CVE-2026-22507	2 Ancorathemes, Wordpress	2 Beelove, Wordpress	2026-03-27	9.8 Critical
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6.
CVE-2026-22508	2 Ancorathemes, Wordpress	2 Dentalux, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through <= 3.3.
CVE-2026-22509	2 Elated-themes, Wordpress	2 Gioia, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through <= 1.4.
CVE-2026-22510	2 Ancorathemes, Wordpress	2 Melody, Wordpress	2026-03-27	8.1 High
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3.
CVE-2026-22511	2 Elated-themes, Wordpress	2 Neobeat, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through <= 1.2.
CVE-2026-22512	2 Elated-themes, Wordpress	2 Roisin, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1.
CVE-2026-22513	2 Ancorathemes, Wordpress	2 Triompher, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from n/a through <= 1.1.0.
CVE-2026-22514	2 Ancorathemes, Wordpress	2 Unica, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1.
CVE-2026-22515	2 Ancorathemes, Wordpress	2 Vegadays, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0.
CVE-2026-22516	2 Ancorathemes, Wordpress	2 Wizor's, Wordpress	2026-03-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12.
CVE-2026-23972	2 Magepeople, Wordpress	2 Booking & Rental Manager, Wordpress	2026-03-27	6.5 Medium
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.0.
CVE-2026-23977	2 Wordpress, Wpfactory	2 Wordpress, Helpdesk Support Ticket System For Woocommerce	2026-03-27	7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-24359	2 Dokan, Wordpress	2 Dokan, Wordpress	2026-03-27	8.8 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.
CVE-2026-24363	2 Loopus, Wordpress	2 Wp Cost Estimation & Payment Forms Builder, Wordpress	2026-03-27	7.5 High
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0.
CVE-2026-24364	2 Wedevs, Wordpress	2 Wp User Frontend, Wordpress	2026-03-27	6.5 Medium
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.
CVE-2026-24369	2 Theme-one, Wordpress	2 The Grid, Wordpress	2026-03-27	7.1 High
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2026-24372	2 Wordpress, Wp Swings	2 Wordpress, Subscriptions For Woocommerce	2026-03-27	7.5 High
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10.
CVE-2026-24376	2 Javier Casares, Wordpress	2 Wpvulnerability, Wordpress	2026-03-27	6.5 Medium
Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from n/a through <= 4.2.1.
CVE-2026-24378	2 Metagauss, Wordpress	2 Eventprime, Wordpress	2026-03-27	9.8 Critical
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.

« first previous Page 21 of 17047. next last »