Export limit exceeded: 11910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0812 | 2 Guillaumev, Wordpress | 2 Linkedin Sc, Wordpress | 2026-04-16 | 4.4 Medium |
| The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedin_sc_date_format', 'linkedin_sc_api_key', and 'linkedin_sc_secret_key' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page. | ||||
| CVE-2026-0734 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.4 Medium |
| The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowed-hosts' parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2026-0813 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.4 Medium |
| The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'short_link_post_title' and 'short_link_page_title' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page. | ||||
| CVE-2026-23550 | 2 Modular, Wordpress | 2 Modular, Wordpress | 2026-04-16 | N/A |
| Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. | ||||
| CVE-2026-0833 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 6.4 Medium |
| The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied social network link URLs. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-0808 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated attackers to manipulate which prize they win by modifying the 'prize_index' parameter sent to the server, allowing them to always select the most valuable prizes. | ||||
| CVE-2026-22355 | 2 Gregmolnar, Wordpress | 2 Simple Xml Sitemap, Wordpress | 2026-04-16 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3. | ||||
| CVE-2026-22382 | 2 Mikado-themes, Wordpress | 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress | 2026-04-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2026-22393 | 2 Mikado-themes, Wordpress | 2 Curly, Wordpress | 2026-04-16 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3. | ||||
| CVE-2026-22401 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2. | ||||
| CVE-2026-22406 | 2 Mikado-themes, Wordpress | 2 Overton, Wordpress | 2026-04-16 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3. | ||||
| CVE-2026-22426 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2. | ||||
| CVE-2026-22445 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through <= 2.6.5.1. | ||||
| CVE-2026-22462 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5. | ||||
| CVE-2026-22463 | 2 Micro.company, Wordpress | 2 Form To Chat App, Wordpress | 2026-04-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5. | ||||
| CVE-2026-22464 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2026-04-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33. | ||||
| CVE-2026-22466 | 2 Chandnipatel, Wordpress | 2 Wp Mapit, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through <= 3.0.3. | ||||
| CVE-2026-22469 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2. | ||||
| CVE-2026-22470 | 2 Firestorm Plugins, Wordpress | 2 Firestorm Professional Real Estate, Wordpress | 2026-04-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11. | ||||
| CVE-2026-22483 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12. | ||||