Export limit exceeded: 11523 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11523 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34898 | 2 Wordpress, Wp Swings | 2 Wordpress, Event Tickets Manager For Woocommerce | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions. | ||||
| CVE-2026-39525 | 2 Booking Activities Team, Wordpress | 2 Booking Activities, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions. | ||||
| CVE-2026-39594 | 2 Themefic, Wordpress | 2 Ultra Addons For Wpforms, Wordpress | 2026-06-23 | 6.4 Medium |
| Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. | ||||
| CVE-2026-40741 | 2 Jose Conti, Wordpress | 2 Redsys For Woocommerce Light, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | ||||
| CVE-2026-40775 | 2 Royal Plugins, Wordpress | 2 Royal Mcp, Wordpress | 2026-06-23 | 7.3 High |
| Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions. | ||||
| CVE-2026-40776 | 2 Arraytics, Wordpress | 2 Wp Event Solution, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. | ||||
| CVE-2026-40795 | 2 Tms, Wordpress | 2 Amelia, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Amelia <= 2.2 versions. | ||||
| CVE-2026-42664 | 2 Motive Commerce Search, Wordpress | 2 Ai Product Search For Woocommerce – Motive Commerce Search, Wordpress | 2026-06-23 | 8.2 High |
| Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | ||||
| CVE-2026-42666 | 2 Dimitri Grassi, Wordpress | 2 Salon Booking System, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | ||||
| CVE-2026-48835 | 2 Awesomemotive, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. | ||||
| CVE-2026-48887 | 2 Ahmad, Wordpress | 2 Js Help Desk, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions. | ||||
| CVE-2026-49070 | 2 Knit Pay, Wordpress | 2 Knit Pay, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. | ||||
| CVE-2026-9187 | 2 Wordpress, Zealopensource | 2 Wordpress, Abandoned Contact Form 7 | 2026-06-23 | 5.3 Medium |
| The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the action__remove_abandoned() function, which is registered to both the wp_ajax_remove_abandoned and wp_ajax_nopriv_remove_abandoned hooks. The handler takes a user-supplied recover_id parameter from $_POST and passes it directly to wp_delete_post() with the force-delete flag set to true, without verifying that the ID belongs to the plugin's own cf7af_data post type. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on the affected site by sending a single admin-ajax. | ||||
| CVE-2025-68045 | 2 Arraytics, Wordpress | 2 Wp Event Solution, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. | ||||
| CVE-2026-52711 | 2 Kilbot, Wordpress | 2 Woocommerce Pos, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | ||||
| CVE-2026-54190 | 2 Awesomemotive, Wordpress | 2 Envira Photo Gallery, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | ||||
| CVE-2026-40809 | 2 Rara Themes, Wordpress | 2 Metro Magazine, Wordpress | 2026-06-23 | 6.5 Medium |
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. | ||||
| CVE-2025-69103 | 2 Utillz, Wordpress | 2 Brikk, Wordpress | 2026-06-23 | 7.5 High |
| Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions. | ||||
| CVE-2025-69137 | 2 Jthemes, Wordpress | 2 Genemy, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Genemy <= 1.6.6 versions. | ||||
| CVE-2026-8934 | 1 Google Cloud | 1 Cloud Console Uis | 2026-06-23 | N/A |
| A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched on 7 April 2026, and no customer action is needed. | ||||