Export limit exceeded: 10674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10674 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24633 | 2 Passionatebrains, Wordpress | 2 Add Expires Headers \& Optimized Minify, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through <= 3.1.0. | ||||
| CVE-2026-24596 | 2 Marynixie, Wordpress | 2 Related Posts Thumbnails Plugin For Wordpress, Wordpress | 2026-01-26 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.1. | ||||
| CVE-2026-24572 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.1.0. | ||||
| CVE-2026-24612 | 2 Themebeez, Wordpress | 2 Orchid Store, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15. | ||||
| CVE-2025-14745 | 2 Rebelcode, Wordpress | 2 Rss Aggregator, Wordpress | 2026-01-26 | 6.4 Medium |
| The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-24616 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 6.5 Medium |
| Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3. | ||||
| CVE-2026-24576 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0. | ||||
| CVE-2026-24588 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4. | ||||
| CVE-2026-24558 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1. | ||||
| CVE-2026-24599 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-01-26 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | ||||
| CVE-2026-24634 | 2 Rustaurius, Wordpress | 2 Ultimate Reviews, Wordpress | 2026-01-26 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16. | ||||
| CVE-2025-14947 | 2 Plugins360, Wordpress | 2 All-in-one Video Gallery, Wordpress | 2026-01-26 | 6.5 Medium |
| The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video` functions in all versions up to, and including, 4.6.4. This makes it possible for unauthenticated attackers to create and delete videos on the Bunny Stream CDN associated with the victim's account, provided they can obtain a valid nonce which is exposed in public player templates. | ||||
| CVE-2025-32660 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2026-01-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2023-47762 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterdocs | 2026-01-23 | 4.3 Medium |
| Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2. | ||||
| CVE-2025-30880 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-01-23 | 7.5 High |
| Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2. | ||||
| CVE-2025-30882 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-01-23 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.1. | ||||
| CVE-2025-30901 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-01-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2. | ||||
| CVE-2025-31867 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2026-01-23 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-31910 | 2 Reputeinfosystems, Wordpress | 2 Bookingpress, Wordpress | 2026-01-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. | ||||
| CVE-2025-32146 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2026-01-23 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||