Export limit exceeded: 338305 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338305 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32378 | 2 Rarathemes, Wordpress | 2 Book Landing Page, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through <= 1.2.7. | ||||
| CVE-2026-32435 | 2 Vowelweb, Wordpress | 2 Vw Pet Shop, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4.7. | ||||
| CVE-2026-32440 | 2 Ex-themes, Wordpress | 2 Wp Food, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1. | ||||
| CVE-2026-32448 | 2 Eric Teubert, Wordpress | 2 Podlove Podcast Publisher, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3. | ||||
| CVE-2026-32454 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0. | ||||
| CVE-2026-32462 | 2 Liton Arefin, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-03-16 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3. | ||||
| CVE-2026-3873 | 1 Syslink Software Ag | 1 Avantra | 2026-03-16 | 7.2 High |
| Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2026-32598 | 1 Oneuptime | 1 Oneuptime | 2026-03-16 | N/A |
| OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user. This vulnerability is fixed in 10.0.24. | ||||
| CVE-2026-32354 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-03-16 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9. | ||||
| CVE-2026-32402 | 2 Ays-pro, Wordpress | 2 Image Slider, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | ||||
| CVE-2026-32413 | 2 Maciej Bis, Wordpress | 2 Permalink Manager Lite, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3. | ||||
| CVE-2026-32415 | 2 Bogdan Bendziukov, Wordpress | 2 Squeeze, Wordpress | 2026-03-16 | N/A |
| Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7. | ||||
| CVE-2026-32426 | 2 Themelexus, Wordpress | 2 Medilazar Core, Wordpress | 2026-03-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through < 1.4.7. | ||||
| CVE-2026-32597 | 1 Jpadilla | 1 Pyjwt | 2026-03-16 | 7.5 High |
| PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0. | ||||
| CVE-2026-32331 | 2 Israpil, Wordpress | 2 Textmetrics, Wordpress | 2026-03-16 | 4.3 Medium |
| Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.4. | ||||
| CVE-2026-32360 | 2 Richplugins, Wordpress | 2 Rich Showcase For Google Reviews, Wordpress | 2026-03-16 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3. | ||||
| CVE-2026-32446 | 2 Syed Balkhi, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-03-16 | 4.3 Medium |
| Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3. | ||||
| CVE-2026-32335 | 2 Rarathemes, Wordpress | 2 The Conference, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5. | ||||
| CVE-2026-32384 | 2 Magepeopleteam, Wordpress | 2 Wpbookingly, Wordpress | 2026-03-16 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through <= 1.2.9. | ||||
| CVE-2026-32387 | 2 Noorsplugin, Wordpress | 2 Checkout For Paypal, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46. | ||||