CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 346777 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39641	2 Skywarrior, Wordpress	2 Blackfyre, Wordpress	2026-04-24	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.
CVE-2026-39639	2 Redpixelstudios, Wordpress	2 Rps Include Content, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through <= 1.2.2.
CVE-2026-39646	2 Bozdoz, Wordpress	2 Leaflet Map, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4.
CVE-2026-39631	2 Ronik@unlimitedwp, Wordpress	2 Wpschoolpress, Wordpress	2026-04-24	4.9 Medium
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.
CVE-2026-39635	2 Themegoods, Wordpress	2 Grand Magazine, Wordpress	2026-04-24	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5.
CVE-2026-39648	2 Themebeez, Wordpress	2 Cream Blog, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
CVE-2026-23349	1 Linux	1 Linux Kernel	2026-04-24	5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening because not all the conditional effects bits were cleared. Properly clear all conditional effect bits from ffbit
CVE-2026-39671	2 Dotstore, Wordpress	2 Extra Fees Plugin For Woocommerce, Wordpress	2026-04-24	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3.
CVE-2026-39668	2 G5theme, Wordpress	2 Book Previewer For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.
CVE-2026-39679	2 Apustheme, Wordpress	2 Freeio, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through <= 1.3.21.
CVE-2026-39656	2 Razorpay, Wordpress	2 Razorpay For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through <= 4.8.2.
CVE-2026-39660	2 Automattic, Wordpress	2 Wp Job Manager, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.1.
CVE-2026-39662	2 Prowcplugins, Wordpress	2 Product Price By Formula For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6.
CVE-2026-39663	2 Themetechmount, Wordpress	2 Truebooker, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.
CVE-2026-39664	2 Leadrebel, Wordpress	2 Leadrebel, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.
CVE-2026-39665	2 Vladimir Prelovac, Wordpress	2 Seo Friendly Images, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.
CVE-2026-39667	2 Jongmyoung Kim, Wordpress	2 Korea Sns, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0.
CVE-2026-39669	2 Nitropack, Wordpress	2 Nitropack, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3.
CVE-2026-39670	2 Brecht, Wordpress	2 Visual Link Preview, Wordpress	2026-04-24	6 Medium
Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.
CVE-2026-39673	2 Shrikantkale, Wordpress	2 Izooto, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.

« first previous Page 79 of 17339. next last »