Export limit exceeded: 14170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-61970 | 2 Themeisle, Wordpress | 2 Auto Featured Image (auto Post Thumbnail), Wordpress | 2026-07-13 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through <= 5.0.4. | ||||
| CVE-2026-57810 | 2 Saad Iqbal, Wordpress | 2 Apiexperts Square For Woocommerce, Wordpress | 2026-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.4. | ||||
| CVE-2026-61977 | 2 Crocoblock, Wordpress | 2 Jetsearch, Wordpress | 2026-07-13 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through <= 3.6.1.2. | ||||
| CVE-2026-61985 | 2 Magepeopleteam, Wordpress | 2 Car Rental Manager, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.3.7. | ||||
| CVE-2026-57816 | 2 Funnelkit, Wordpress | 2 Funnel Builder By Funnelkit, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows Reflected XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.15.0.8. | ||||
| CVE-2026-61971 | 2 Cozmoslabs, Wordpress | 2 User Profile Picture, Wordpress | 2026-07-13 | 2.7 Low |
| Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through <= 2.6.3. | ||||
| CVE-2026-57393 | 2 Edgarrojas, Wordpress | 2 Woocommerce Pdf Invoice Builder, Wordpress | 2026-07-13 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 2.0.8. | ||||
| CVE-2026-57413 | 2 Bdthemes, Wordpress | 2 Instant Image Generator, Wordpress | 2026-07-13 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4. | ||||
| CVE-2026-57706 | 2 Dokan, Wordpress | 2 Dokan, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through <= 5.0.6. | ||||
| CVE-2026-57708 | 2 Crmperks, Wordpress | 2 Contact Form Entries, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through <= 1.5.2. | ||||
| CVE-2026-57712 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Portfolio | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Portfolio wpzoom-portfolio allows Reflected XSS.This issue affects WPZOOM Portfolio: from n/a through <= 1.4.29. | ||||
| CVE-2026-12103 | 2 Subratamal, Wordpress | 2 Wallet For Woocommerce, Wordpress | 2026-07-13 | 4.3 Medium |
| The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to enumerate the login name, email address, and user ID of all WordPress accounts — including administrators — by submitting arbitrary search terms to the AJAX handler. The required 'search-user' nonce is localized into the wallet_param object on the standard WooCommerce My Account page, which is accessible to any authenticated user, making it trivially obtainable by a Subscriber. | ||||
| CVE-2026-59518 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2. | ||||
| CVE-2026-13116 | 2 Wordpress, Wpovernight | 2 Wordpress, Pdf Invoices & Packing Slips For Woocommerce | 2026-07-13 | 4.3 Medium |
| The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generate_document_shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to mint publicly accessible, session-free download links for arbitrary third-party orders, exposing customer names, billing and shipping addresses, email addresses, phone numbers, order and invoice numbers, line items, totals, payment details, and customer notes contained in those orders' invoices and packing slips. Exploitation requires the plugin's Document link access type setting to be configured to 'full'; with the default 'logged_in' value, generated URLs are signed with a per-session nonce rather than the order_key, making the shortcode path unexploitable for unauthorized access to third-party orders. | ||||
| CVE-2026-57814 | 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform | 2 Wordpress, Forminator | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through <= 1.55.0.1. | ||||
| CVE-2026-61983 | 2 Andymoyle, Wordpress | 2 Church Admin, Wordpress | 2026-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <= 5.0.30. | ||||
| CVE-2026-57790 | 2 Thememove, Wordpress | 2 Billey, Wordpress | 2026-07-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through <= 2.1.8. | ||||
| CVE-2026-57797 | 2 Thememove, Wordpress | 2 Edumall, Wordpress | 2026-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1. | ||||
| CVE-2026-57368 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.8.5. | ||||
| CVE-2026-57724 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through <= 6.0.12. | ||||