Export limit exceeded: 11758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32338 | 2 Rarathemes, Wordpress | 2 Construction Landing Page, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1. | ||||
| CVE-2026-32339 | 2 Raratheme, Wordpress | 2 Bakes And Cakes, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bakes And Cakes: from n/a through <= 1.2.9. | ||||
| CVE-2026-32340 | 2 Rarathemes, Wordpress | 2 Business One Page, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through <= 1.3.2. | ||||
| CVE-2026-32341 | 2 Rarathemes, Wordpress | 2 Benevolent, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9. | ||||
| CVE-2026-32348 | 2 Madrasthemes, Wordpress | 2 Mas Videos, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2. | ||||
| CVE-2026-32350 | 2 Wordpress, Wpradiant | 2 Wordpress, Chocolate House | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5. | ||||
| CVE-2026-32362 | 2 Activity-log.com, Wordpress | 2 Wp Sessions Time Monitoring Full Automatic, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3. | ||||
| CVE-2026-32363 | 2 Funlus Oy, Wordpress | 2 Wplifecycle, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1. | ||||
| CVE-2026-1870 | 2 Thimpress, Wordpress | 2 Thim Kit For Elementor – Pre-built Templates & Widgets For Elementor, Wordpress | 2026-04-22 | 5.3 Medium |
| The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to disclose private or draft LearnPress course content by supplying post_status in the params_url payload. | ||||
| CVE-2026-3045 | 2 Croixhaug, Wordpress | 2 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, Wordpress | 2026-04-22 | 7.5 High |
| The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated users through the public `/wp-json/ssa/v1/embed-inner` REST endpoint, and (2) the `get_item()` method in `SSA_Settings_Api` relies on `nonce_permissions_check()` for authorization (which accepts the public nonce) but does not call `remove_unauthorized_settings_for_current_user()` to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the `/wp-json/ssa/v1/settings/{section}` endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments. | ||||
| CVE-2026-31919 | 2 Josh Kohlbach, Wordpress | 2 Advanced Coupons For Woocommerce Coupons, Wordpress | 2026-04-22 | 4.3 Medium |
| Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1. | ||||
| CVE-2026-1948 | 2 Webaways, Wordpress | 2 Nex-forms-ultimate-forms-plugin, Wordpress | 2026-04-22 | 4.3 Medium |
| The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to to deactivate the plugin license. | ||||
| CVE-2026-2233 | 2 Wedevs, Wordpress | 2 User Frontend Ai Powered Frontend Posting, User Directory, Profile, Membership & User Registration, Wordpress | 2026-04-22 | 5.3 Medium |
| The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft_post() function in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to modify arbitrary posts (e.g. unpublish published posts and overwrite the contents) via the 'post_id' parameter. | ||||
| CVE-2026-4063 | 2 Wordpress, Wpzoom | 2 Wordpress, Social Icons Widget & Block – Social Media Icons & Share Buttons | 2026-04-22 | 4.3 Medium |
| The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter. | ||||
| CVE-2026-3977 | 1 Projectsend | 1 Projectsend | 2026-04-22 | 6.3 Medium |
| A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-32432 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42. | ||||
| CVE-2026-32487 | 2 Rarathemes, Wordpress | 2 Lawyer Landing Page, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. | ||||
| CVE-2026-32486 | 2 Wordpress, Wptravelengine | 2 Wordpress, Travel Booking | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9. | ||||
| CVE-2026-32457 | 2 Wombat Plugins, Wordpress | 2 Advanced Product Fields Product Addons For Woocommerce, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18. | ||||
| CVE-2026-32453 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-04-22 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0. | ||||