Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11623 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25390 | 2 Saad Iqbal, Wordpress | 2 New User Approve, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.3. | ||||
| CVE-2026-25454 | 2 Mvpthemes, Wordpress | 2 The League, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1. | ||||
| CVE-2026-25460 | 2 Liquidthemes, Wordpress | 2 Ave Core, Wordpress | 2026-04-24 | 6.3 Medium |
| Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1. | ||||
| CVE-2026-3098 | 2 Nextendweb, Wordpress | 2 Smart Slider 3, Wordpress | 2026-04-24 | 6.5 Medium |
| The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2026-25462 | 2 Avalex, Wordpress | 2 Avalex, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3. | ||||
| CVE-2026-24382 | 2 Wordpress, Wp-royal-themes | 2 Wordpress, News Magazine X | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a through <= 1.2.50. | ||||
| CVE-2026-24987 | 2 Activity-log.com, Wordpress | 2 Wp System Log, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7. | ||||
| CVE-2026-23806 | 2 Blueglass Interactive Ag, Wordpress | 2 Jobs For Wordpress, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8. | ||||
| CVE-2026-24362 | 2 Bdthemes, Wordpress | 2 Ultimate Post Kit, Wordpress | 2026-04-24 | 6.4 Medium |
| Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21. | ||||
| CVE-2026-24363 | 2 Loopus, Wordpress | 2 Wp Cost Estimation & Payment Forms Builder, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0. | ||||
| CVE-2026-25365 | 2 Wordpress, Özgür Karalar | 2 Wordpress, Kargo Takip | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4. | ||||
| CVE-2026-25009 | 2 Rarathemes, Wordpress | 2 Education Zone, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8. | ||||
| CVE-2026-24369 | 2 Theme-one, Wordpress | 2 The Grid, Wordpress | 2026-04-24 | 7.1 High |
| Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | ||||
| CVE-2026-24364 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5. | ||||
| CVE-2026-24376 | 2 Javier Casares, Wordpress | 2 Wpvulnerability, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from n/a through <= 4.2.1. | ||||
| CVE-2026-25026 | 2 Radiustheme, Wordpress | 2 Team, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11. | ||||
| CVE-2026-24972 | 2 Elated-themes, Wordpress | 2 Elated Listing, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through <= 1.4. | ||||
| CVE-2026-25034 | 2 Iqonic, Wordpress | 2 Kivicare, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16. | ||||
| CVE-2026-3225 | 2 Thimpress, Wordpress | 2 Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses, Wordpress | 2026-04-24 | 4.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check, and the QuestionAnswerModel::delete() method only validates minimum answer counts without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete answer options from any quiz question on the site. | ||||
| CVE-2026-4066 | 2 Inc2734, Wordpress | 2 Smart Custom Fields, Wordpress | 2026-04-24 | 4.3 Medium |
| The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to read private and draft post content from other authors via the smart-cf-relational-posts-search AJAX action. The function queries posts with post_status=any and returns full WP_Post objects including post_content, but only checks the generic edit_posts capability instead of verifying whether the requesting user has permission to read each individual post. | ||||