Export limit exceeded: 362966 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-8494 2 Maciej Bis, Wordpress 2 Permalink Manager Lite, Wordpress 2026-06-26 6.4 Medium
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in the admin Permalink Manager page that will execute whenever an administrator accesses the Permalink Manager page.
CVE-2026-9690 2 Joomunited, Wordpress 2 Wp Media Folder, Wordpress 2026-06-26 7.5 High
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2026-22332 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
CVE-2026-39596 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-40721 2 Bdthemes, Wordpress 2 Element Pack, Wordpress 2026-06-26 7.5 High
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-40783 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-26 9.9 Critical
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2026-42385 2 Cozmoslabs, Wordpress 2 Profile Builder, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-42629 2 Powerpackelements, Wordpress 2 Powerpack Addons For Elementor, Wordpress 2026-06-26 8.8 High
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-49778 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-54802 2 Cozyvision, Wordpress 2 Sms Alert Order Notifications, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54811 2 Tipsandtricks-hq, Wordpress 2 Wp Emember, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
CVE-2025-69140 2 Seventhqueen, Wordpress 2 Sweet Date, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-54821 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 7.4 High
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-54822 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-06-26 8.5 High
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.
CVE-2026-54828 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
CVE-2026-54849 2 Premmerce, Wordpress 2 Wishlist For Woocommerce, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
CVE-2026-56053 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-56071 2 Wordpress, Wpmudev 2 Wordpress, Forminator Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
CVE-2026-54848 2 Saad Iqbal, Wordpress 2 Apiexperts Square For Woocommerce, Wordpress 2026-06-26 8.3 High
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
CVE-2026-56006 2 H5p, Wordpress 2 H5p, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.