Total
341479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25340 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2026-03-30 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through < 4.8.4. | ||||
| CVE-2026-25341 | 2 Rsjoomla, Wordpress | 2 Rsfirewall!, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45. | ||||
| CVE-2026-25345 | 2 Gallerycreator, Wordpress | 2 Simply Gallery, Wordpress | 2026-03-30 | 9.9 Critical |
| Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through <= 3.3.2. | ||||
| CVE-2026-25346 | 2 Ays-pro, Wordpress | 2 Faq Builder, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through <= 1.8.2. | ||||
| CVE-2026-25350 | 2 Skygroup, Wordpress | 2 Miti, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3. | ||||
| CVE-2026-25352 | 2 Skygroup, Wordpress | 2 Mydecor, Wordpress | 2026-03-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through < 1.5.9. | ||||
| CVE-2026-25359 | 2 Rascals, Wordpress | 2 Pendulum, Wordpress | 2026-03-30 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5. | ||||
| CVE-2026-25360 | 2 Rascals, Wordpress | 2 Vex, Wordpress | 2026-03-30 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9. | ||||
| CVE-2026-25365 | 2 Wordpress, Özgür Karalar | 2 Wordpress, Kargo Takip | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4. | ||||
| CVE-2026-25366 | 2 Themeisle, Wordpress | 2 Woody Ad Snippets, Wordpress | 2026-03-30 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through <= 2.7.1. | ||||
| CVE-2026-25379 | 2 Jwsthemes, Wordpress | 2 Streamvid, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through < 6.8.6. | ||||
| CVE-2026-25382 | 2 Jwsthemes, Wordpress | 2 Idealauto, Wordpress | 2026-03-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6. | ||||
| CVE-2026-25396 | 2 Coderpress, Wordpress | 2 Commerce Coinbase For Woocommerce, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6. | ||||
| CVE-2026-25397 | 2 Snowray Software, Wordpress | 2 File Uploader For Woocommerce, Wordpress | 2026-03-30 | 7.5 High |
| Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4. | ||||
| CVE-2026-25398 | 2 Webilia, Wordpress | 2 Vertex Addons For Elementor, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through <= 1.6.4. | ||||
| CVE-2026-25401 | 2 Arni Cinco, Wordpress | 2 Wpcargo Track & Trace, Wordpress | 2026-03-30 | 7.5 High |
| Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||||
| CVE-2026-25413 | 2 Iqonicdesign, Wordpress | 2 Wpbookit Pro, Wordpress | 2026-03-30 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | ||||
| CVE-2026-25414 | 2 Iqonicdesign, Wordpress | 2 Wpbookit Pro, Wordpress | 2026-03-30 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | ||||
| CVE-2026-25417 | 2 Metagauss, Wordpress | 2 Profilegrid, Wordpress | 2026-03-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through <= 5.9.8.1. | ||||
| CVE-2026-25430 | 2 Crm Perks, Wordpress | 2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-03-30 | 6.5 Medium |
| Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.2.2. | ||||