Total
341253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25376 | 2 Eyecix, Wordpress | 2 Addon Jobsearch Chat, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0. | ||||
| CVE-2026-25383 | 2 Iqonic, Wordpress | 2 Kivicare, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through <= 3.6.16. | ||||
| CVE-2026-25435 | 2 Wordpress, Wpdevart | 3 Wordpress, Booking Calendar, Booking Calendar, Appointment Booking System | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.36. | ||||
| CVE-2026-25461 | 2 Purethemes, Wordpress | 2 Listeo, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through <= 2.0.21. | ||||
| CVE-2026-25465 | 2 Codepeople, Wordpress | 2 Cp Multi View Event Calendar, Wordpress | 2026-03-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35. | ||||
| CVE-2026-27046 | 2 Kaira, Wordpress | 2 Storecustomizer, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through <= 2.6.3. | ||||
| CVE-2026-27075 | 2 Mikado-themes, Wordpress | 2 Belfort, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0. | ||||
| CVE-2026-27039 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-03-30 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through <= 14.0.31. | ||||
| CVE-2026-27048 | 2 Elated-themes, Wordpress | 2 The Aisle Core, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5. | ||||
| CVE-2026-32519 | 2 Bitapps, Wordpress | 2 Bit Smtp, Wordpress | 2026-03-30 | 9 Critical |
| Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2. | ||||
| CVE-2026-24378 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0. | ||||
| CVE-2026-32493 | 2 Eyecix, Wordpress | 2 Jobsearch, Wordpress | 2026-03-30 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 3.2.0. | ||||
| CVE-2026-32518 | 2 Imithemes, Wordpress | 2 Gaea, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8. | ||||
| CVE-2026-24974 | 2 Nootheme, Wordpress | 2 Citilights, Wordpress | 2026-03-30 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1. | ||||
| CVE-2026-32531 | 2 Gavias, Wordpress | 2 Kunco, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5. | ||||
| CVE-2026-32534 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-03-30 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3. | ||||
| CVE-2026-32538 | 2 Noor Alam, Wordpress | 2 Smtp Mailer, Wordpress | 2026-03-30 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24. | ||||
| CVE-2026-27049 | 2 Nootheme, Wordpress | 2 Jobica Core, Wordpress | 2026-03-30 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2. | ||||
| CVE-2026-24968 | 2 Wordpress, Xagio | 2 Wordpress, Xagio Seo | 2026-03-30 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30. | ||||
| CVE-2026-25030 | 2 Park Of Ideas, Wordpress | 2 Goldish, Wordpress | 2026-03-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through < 3.47. | ||||