Export limit exceeded: 338683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32427 | 2 Vowelweb, Wordpress | 2 Vw Education Lite, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from n/a through <= 2.2.0. | ||||
| CVE-2026-32450 | 2 Realmag777, Wordpress | 2 Active Products Tables For Woocommerce, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7. | ||||
| CVE-2026-32452 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0. | ||||
| CVE-2026-32454 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0. | ||||
| CVE-2026-32460 | 2 Themefic, Wordpress | 2 Ultimate Addons For Contact Form 7, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36. | ||||
| CVE-2026-32612 | 1 Statamic | 1 Cms | 2026-03-16 | 5.4 Medium |
| Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. This has been fixed in 6.6.2. | ||||
| CVE-2026-32334 | 2 Rarathemes, Wordpress | 2 Jobscout, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7. | ||||
| CVE-2026-32345 | 2 Rarathemes, Wordpress | 2 Perfect Portfolio, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from n/a through <= 1.2.4. | ||||
| CVE-2026-32396 | 2 Radiustheme, Wordpress | 2 Team, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13. | ||||
| CVE-2026-32403 | 2 Toocheke, Wordpress | 2 Toocheke Companion, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194. | ||||
| CVE-2026-32413 | 2 Maciej Bis, Wordpress | 2 Permalink Manager Lite, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3. | ||||
| CVE-2026-3045 | 2 Croixhaug, Wordpress | 2 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, Wordpress | 2026-03-16 | 7.5 High |
| The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated users through the public `/wp-json/ssa/v1/embed-inner` REST endpoint, and (2) the `get_item()` method in `SSA_Settings_Api` relies on `nonce_permissions_check()` for authorization (which accepts the public nonce) but does not call `remove_unauthorized_settings_for_current_user()` to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the `/wp-json/ssa/v1/settings/{section}` endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments. | ||||
| CVE-2026-32343 | 2 Magazine3, Wordpress | 2 Easy Table Of Contents, Wordpress | 2026-03-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80. | ||||
| CVE-2026-32352 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5. | ||||
| CVE-2026-32356 | 2 Robosoft, Wordpress | 2 Robo Gallery, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through <= 5.1.2. | ||||
| CVE-2026-32383 | 2 Raratheme, Wordpress | 2 Ridhi, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2. | ||||
| CVE-2026-32409 | 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform | 2 Wordpress, Forminator | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2. | ||||
| CVE-2026-32418 | 2 Jordy Meow, Wordpress | 2 Meow Gallery, Wordpress | 2026-03-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4. | ||||
| CVE-2026-32435 | 2 Vowelweb, Wordpress | 2 Vw Pet Shop, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4.7. | ||||
| CVE-2026-32438 | 2 Vowelweb, Wordpress | 2 Vw School Education, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: from n/a through <= 1.4.6. | ||||