CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 341454 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-31920	2 Devteam Haywoodtech, Wordpress	2 Product Rearrange For Woocommerce, Wordpress	2026-03-30	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2.
CVE-2026-32489	2 Bplugins, Wordpress	2 B Blocks, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
CVE-2026-32510	2 Edge-themes, Wordpress	2 Kamperen, Wordpress	2026-03-30	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
CVE-2026-24373	2 Metagauss, Wordpress	2 Registrationmagic, Wordpress	2026-03-30	8.1 High
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.
CVE-2026-24382	2 Wordpress, Wp-royal-themes	2 Wordpress, News Magazine X	2026-03-30	7.5 High
Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a through <= 1.2.50.
CVE-2026-24970	2 Designingmedia, Wordpress	2 Energox, Wordpress	2026-03-30	7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.2.
CVE-2026-24977	2 Nootheme, Wordpress	2 Organici Library, Wordpress	2026-03-30	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
CVE-2026-24980	2 Nootheme, Wordpress	2 Visionary Core, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24981	2 Nootheme, Wordpress	2 Visionary Core, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24987	2 Activity-log.com, Wordpress	2 Wp System Log, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7.
CVE-2026-24989	2 Fantasticplugins, Wordpress	2 Sumo Affiliates Pro, Wordpress	2026-03-30	9.8 Critical
Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection.This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0.
CVE-2026-25007	2 Elementinvader, Wordpress	2 Elementinvader Addons For Elementor, Wordpress	2026-03-30	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.2.
CVE-2026-25009	2 Rarathemes, Wordpress	2 Education Zone, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8.
CVE-2026-25013	2 Whmcsdes, Wordpress	2 Phox Hosting, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through <= 2.0.8.
CVE-2026-25026	2 Radiustheme, Wordpress	2 Team, Wordpress	2026-03-30	7.5 High
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11.
CVE-2026-25035	2 Wasiliy Strecker / Contestgallery Developer, Wordpress	2 Contest Gallery, Wordpress	2026-03-30	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2.
CVE-2026-25306	2 8theme, Wordpress	2 Xstore Core, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through <= 5.6.4.
CVE-2026-25309	2 Publishpress, Wordpress	2 Publishpress Authors, Wordpress	2026-03-30	7.5 High
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
CVE-2026-25317	2 Tychesoftwares, Wordpress	2 Print Invoice & Delivery Notes For Woocommerce, Wordpress	2026-03-30	7.5 High
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.9.0.
CVE-2026-25334	2 Wordpress, Wordpresschef	2 Wordpress, Salon Booking System Pro	2026-03-30	8.1 High
Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12.

« first previous Page 39 of 17073. next last »