Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365171 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57410 2 Mailerpress Team, Wordpress 2 Mailerpress, Wordpress 2026-07-13 8.8 High
Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through <= 2.0.2.
CVE-2026-57380 2 Hupe13, Wordpress 2 Extensions For Leaflet Map, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 5.1.
CVE-2026-57422 2 Villatheme, Wordpress 2 Bopo – Woocommerce Product Bundle Builder, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through <= 1.2.0.
CVE-2026-57387 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in picu picu picu allows Stored XSS.This issue affects picu: from n/a through <= 3.5.1.
CVE-2026-57400 2 Wordpress, Wp Swings 2 Wordpress, Event Tickets Manager For Woocommerce 2026-07-13 6.5 Medium
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through <= 1.5.5.
CVE-2026-57406 2026-07-13 6.5 Medium
Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a through <= 1.7.6.
CVE-2026-57694 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-07-13 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.13.
CVE-2026-57412 2 Codemenschen, Wordpress 2 Gift Vouchers, Wordpress 2026-07-13 6.5 Medium
Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through <= 4.6.9.
CVE-2026-57732 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.4.
CVE-2026-57741 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.0.
CVE-2026-57418 2 Boldgrid, Wordpress 2 Client Invoicing By Sprout Invoices, Wordpress 2026-07-13 6.5 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.13.
CVE-2026-57771 2026-07-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through <= 3.7.
CVE-2026-57779 2026-07-13 5.3 Medium
Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5.
CVE-2026-57424 2026-07-13 6.5 Medium
Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through <= 2.1.4.
CVE-2026-57697 2 Metagauss, Wordpress 2 Profilegrid, Wordpress 2026-07-13 7.5 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through <= 5.9.9.6.
CVE-2026-57787 2026-07-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through <= 1.5.5.
CVE-2026-57714 2 Latepoint, Wordpress 2 Latepoint, Wordpress 2026-07-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through <= 5.6.3.
CVE-2026-57726 2026-07-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.12.
CVE-2026-57734 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.
CVE-2026-35159 2026-07-13 5.3 Medium
Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.