Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11623 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25390 2 Saad Iqbal, Wordpress 2 New User Approve, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.3.
CVE-2026-25454 2 Mvpthemes, Wordpress 2 The League, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1.
CVE-2026-25460 2 Liquidthemes, Wordpress 2 Ave Core, Wordpress 2026-04-24 6.3 Medium
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.
CVE-2026-3098 2 Nextendweb, Wordpress 2 Smart Slider 3, Wordpress 2026-04-24 6.5 Medium
The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2026-25462 2 Avalex, Wordpress 2 Avalex, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3.
CVE-2026-24382 2 Wordpress, Wp-royal-themes 2 Wordpress, News Magazine X 2026-04-24 7.5 High
Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a through <= 1.2.50.
CVE-2026-24987 2 Activity-log.com, Wordpress 2 Wp System Log, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7.
CVE-2026-23806 2 Blueglass Interactive Ag, Wordpress 2 Jobs For Wordpress, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-24362 2 Bdthemes, Wordpress 2 Ultimate Post Kit, Wordpress 2026-04-24 6.4 Medium
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.
CVE-2026-24363 2 Loopus, Wordpress 2 Wp Cost Estimation & Payment Forms Builder, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0.
CVE-2026-25365 2 Wordpress, Özgür Karalar 2 Wordpress, Kargo Takip 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4.
CVE-2026-25009 2 Rarathemes, Wordpress 2 Education Zone, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8.
CVE-2026-24369 2 Theme-one, Wordpress 2 The Grid, Wordpress 2026-04-24 7.1 High
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2026-24364 2 Wedevs, Wordpress 2 Wp User Frontend, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.
CVE-2026-24376 2 Javier Casares, Wordpress 2 Wpvulnerability, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from n/a through <= 4.2.1.
CVE-2026-25026 2 Radiustheme, Wordpress 2 Team, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11.
CVE-2026-24972 2 Elated-themes, Wordpress 2 Elated Listing, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through <= 1.4.
CVE-2026-25034 2 Iqonic, Wordpress 2 Kivicare, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16.
CVE-2026-3225 2 Thimpress, Wordpress 2 Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses, Wordpress 2026-04-24 4.3 Medium
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check, and the QuestionAnswerModel::delete() method only validates minimum answer counts without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete answer options from any quiz question on the site.
CVE-2026-4066 2 Inc2734, Wordpress 2 Smart Custom Fields, Wordpress 2026-04-24 4.3 Medium
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to read private and draft post content from other authors via the smart-cf-relational-posts-search AJAX action. The function queries posts with post_status=any and returns full WP_Post objects including post_content, but only checks the generic edit_posts capability instead of verifying whether the requesting user has permission to read each individual post.