Search Results (13693 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-9690 2 Joomunited, Wordpress 2 Wp Media Folder, Wordpress 2026-06-26 7.5 High
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
CVE-2026-22332 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
CVE-2026-39596 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-40721 2 Bdthemes, Wordpress 2 Element Pack, Wordpress 2026-06-26 7.5 High
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-40783 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-26 9.9 Critical
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2026-42385 2 Cozmoslabs, Wordpress 2 Profile Builder, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-42629 2 Powerpackelements, Wordpress 2 Powerpack Addons For Elementor, Wordpress 2026-06-26 8.8 High
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-49778 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-54802 2 Cozyvision, Wordpress 2 Sms Alert Order Notifications, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54811 2 Tipsandtricks-hq, Wordpress 2 Wp Emember, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
CVE-2025-69140 2 Seventhqueen, Wordpress 2 Sweet Date, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-54821 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 7.4 High
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-54822 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-06-26 8.5 High
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.
CVE-2026-54828 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
CVE-2026-54849 2 Premmerce, Wordpress 2 Wishlist For Woocommerce, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
CVE-2026-56053 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-56071 2 Wordpress, Wpmudev 2 Wordpress, Forminator Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
CVE-2026-54848 2 Saad Iqbal, Wordpress 2 Apiexperts Square For Woocommerce, Wordpress 2026-06-26 8.3 High
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
CVE-2026-56006 2 H5p, Wordpress 2 H5p, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
CVE-2026-56050 2 Themeisle, Wordpress 2 Ppom For Woocommerce, Wordpress 2026-06-26 6.5 Medium
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.