Export limit exceeded: 359646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24575 | 2 Wishlist Member, Wordpress | 2 Wishlist Member X, Wordpress | 2026-06-17 | 4.3 Medium |
| Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. | ||||
| CVE-2026-39597 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Addons For Elementor | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions. | ||||
| CVE-2025-69172 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. | ||||
| CVE-2026-39576 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | ||||
| CVE-2026-40756 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. | ||||
| CVE-2026-27869 | 1 Teldat | 1 Regesta Smart Hd-plc - Tldph16d2 | 2026-06-17 | N/A |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. | ||||
| CVE-2025-49403 | 2 Aa-team, Wordpress | 2 Premium Age Verification Restriction For Wordpress, Wordpress | 2026-06-17 | 7.5 High |
| Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions. | ||||
| CVE-2025-69120 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | ||||
| CVE-2025-69140 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. | ||||
| CVE-2026-39523 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. | ||||
| CVE-2026-40720 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions. | ||||
| CVE-2026-39546 | 2 Techspawn, Wordpress | 2 Multiloca, Wordpress | 2026-06-17 | 7.6 High |
| Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions. | ||||
| CVE-2026-54192 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions. | ||||
| CVE-2026-54195 | 2 Jetmonsters, Wordpress | 2 Jetformbuilder, Wordpress | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions. | ||||
| CVE-2026-54196 | 2 Jetmonsters, Wordpress | 2 Jetformbuilder, Wordpress | 2026-06-17 | 6.8 Medium |
| Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. | ||||
| CVE-2026-54806 | 2 Melapress, Wordpress | 2 Wp Activity Log, Wordpress | 2026-06-17 | 9.8 Critical |
| Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | ||||
| CVE-2026-54813 | 2026-06-17 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | ||||
| CVE-2024-32949 | 2 Prince, Wordpress | 2 Integrate Google Drive, Wordpress | 2026-06-17 | 8.3 High |
| Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8. | ||||
| CVE-2024-33909 | 2 Avirtum, Wordpress | 2 Ipages Flipbook, Wordpress | 2026-06-17 | 5.3 Medium |
| Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. | ||||
| CVE-2024-35690 | 2 Marketingfire, Wordpress | 2 Widget-options, Wordpress | 2026-06-17 | 6.5 Medium |
| Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. | ||||