Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57410 2 Mailerpress Team, Wordpress 2 Mailerpress, Wordpress 2026-07-13 8.8 High
Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through <= 2.0.2.
CVE-2026-57380 2 Hupe13, Wordpress 2 Extensions For Leaflet Map, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 5.1.
CVE-2026-57416 2 Siteground, Wordpress 2 Email-marketing, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through <= 1.7.5.
CVE-2026-57422 2 Villatheme, Wordpress 2 Bopo – Woocommerce Product Bundle Builder, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through <= 1.2.0.
CVE-2026-57387 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through <= 3.5.1.
CVE-2026-57400 2 Wordpress, Wp Swings 2 Wordpress, Event Tickets Manager For Woocommerce 2026-07-13 6.5 Medium
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through <= 1.5.5.
CVE-2026-57694 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-07-13 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.13.
CVE-2026-57412 2 Codemenschen, Wordpress 2 Gift Vouchers, Wordpress 2026-07-13 6.5 Medium
Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through <= 4.6.9.
CVE-2026-57732 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.4.
CVE-2026-57418 2 Boldgrid, Wordpress 2 Client Invoicing By Sprout Invoices, Wordpress 2026-07-13 6.5 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.13.
CVE-2026-57697 2 Metagauss, Wordpress 2 Profilegrid, Wordpress 2026-07-13 7.5 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through <= 5.9.9.6.
CVE-2026-57787 2026-07-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through <= 1.5.5.
CVE-2026-57714 2 Latepoint, Wordpress 2 Latepoint, Wordpress 2026-07-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through <= 5.6.3.
CVE-2026-46730 1 Dell 1 Powerprotect Data Domain 2026-07-13 4.2 Medium
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.
CVE-2026-57801 2 Select-themes, Wordpress 2 Setsail, Wordpress 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through <= 2.1.
CVE-2026-57804 2 Codexthemes, Wordpress 2 Thegem Theme Elements (for Elementor), Wordpress 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.1.
CVE-2026-57811 2 Realtyna, Wordpress 2 Realtyna Organic Idx Plugin, Wordpress 2026-07-13 10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.2.0.
CVE-2026-57815 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform 2 Wordpress, Forminator 2026-07-13 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through <= 1.55.0.2.
CVE-2026-59515 2 Sergey, Wordpress 2 Aiwu, Wordpress 2026-07-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through <= 1.5.4.
CVE-2026-57744 2 Stmcan, Wordpress 2 Rt-theme 18 | Extensions, Wordpress 2026-07-13 9.8 Critical
Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.