Total
346623 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25013 | 2 Whmcsdes, Wordpress | 2 Phox Hosting, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through <= 2.0.8. | ||||
| CVE-2026-25018 | 2 Stmcan, Wordpress | 2 Naturalife Extensions, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows Reflected XSS.This issue affects NaturaLife Extensions: from n/a through <= 2.1. | ||||
| CVE-2026-25029 | 2 Park Of Ideas, Wordpress | 2 Kidz, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection.This issue affects KIDZ: from n/a through <= 5.24. | ||||
| CVE-2026-25030 | 2 Park Of Ideas, Wordpress | 2 Goldish, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through < 3.47. | ||||
| CVE-2026-25031 | 2 Park Of Ideas, Wordpress | 2 Tasty Daily, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through < 1.27. | ||||
| CVE-2026-25032 | 2 Park Of Ideas, Wordpress | 2 Ricky, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection.This issue affects Ricky: from n/a through < 2.31. | ||||
| CVE-2026-25034 | 2 Iqonic, Wordpress | 2 Kivicare, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16. | ||||
| CVE-2026-25304 | 2 Skygroup, Wordpress | 2 Jaroti, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Jaroti jaroti allows Reflected XSS.This issue affects Jaroti: from n/a through < 1.4.8. | ||||
| CVE-2026-25309 | 2 Publishpress, Wordpress | 2 Publishpress Authors, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1. | ||||
| CVE-2026-25334 | 2 Wordpress, Wordpresschef | 2 Wordpress, Salon Booking System Pro | 2026-04-24 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12. | ||||
| CVE-2026-25340 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2026-04-24 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through < 4.8.4. | ||||
| CVE-2026-25342 | 2 Kutethemes, Wordpress | 2 Boutique, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through < 2.4.6. | ||||
| CVE-2026-25345 | 2 Gallerycreator, Wordpress | 2 Simply Gallery, Wordpress | 2026-04-24 | 9.9 Critical |
| Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through <= 3.3.2. | ||||
| CVE-2026-25347 | 2 Acato, Wordpress | 2 Wp Rest Cache, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through <= 2026.1.0. | ||||
| CVE-2026-25350 | 2 Skygroup, Wordpress | 2 Miti, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3. | ||||
| CVE-2026-25352 | 2 Skygroup, Wordpress | 2 Mydecor, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through < 1.5.9. | ||||
| CVE-2026-25354 | 2 Skygroup, Wordpress | 2 Reebox, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8. | ||||
| CVE-2026-25356 | 2 Skygroup, Wordpress | 2 Yobazar, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7. | ||||
| CVE-2026-25358 | 2 Rascals, Wordpress | 2 Meloo, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2. | ||||
| CVE-2026-25359 | 2 Rascals, Wordpress | 2 Pendulum, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5. | ||||