Search Results (13749 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32524 2 Jordy Meow, Wordpress 2 Photo Engine, Wordpress 2026-04-24 9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9.
CVE-2026-25382 2 Jwsthemes, Wordpress 2 Idealauto, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6.
CVE-2026-27049 2 Nootheme, Wordpress 2 Jobica Core, Wordpress 2026-04-24 9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
CVE-2026-27079 2 Mikado-themes, Wordpress 2 Amfissa, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1.
CVE-2026-32488 2 Wordpress, Wpeverest 2 Wordpress, User Registration 2026-04-24 8.1 High
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9.
CVE-2026-27076 2 Mikado-themes, Wordpress 2 Luxedrive, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through <= 1.0.
CVE-2026-25430 2 Crm Perks, Wordpress 2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.2.2.
CVE-2026-32498 2 Metagauss, Wordpress 2 Registrationmagic, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
CVE-2026-25400 2 Thememount, Wordpress 2 Apicona, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0.
CVE-2026-25457 2 Select-themes, Wordpress 2 Mixtape, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through <= 2.1.
CVE-2026-32545 2 Taboola, Wordpress 2 Taboola Pixel, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through <= 1.1.4.
CVE-2026-27078 2 Mikado-themes, Wordpress 2 Emaurri, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1.
CVE-2026-32528 2 Don-themes, Wordpress 2 Riode, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
CVE-2026-27044 2 Totalsuite, Wordpress 2 Total Poll Lite, Wordpress 2026-04-24 9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.
CVE-2026-32573 2 Neliosoftware, Wordpress 2 Nelio Ab Testing, Wordpress 2026-04-24 9.1 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7.
CVE-2026-32522 2 Vanquish, Wordpress 2 Woocommerce Support Ticket System, Wordpress 2026-04-24 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.
CVE-2026-32520 2 Andrew Munro / Affiliatewp, Wordpress 2 Rewardswp, Wordpress 2026-04-24 9.8 Critical
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4.
CVE-2026-32516 2 Kamleshyadav, Wordpress 2 Miraculous Core Plugin, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2.
CVE-2026-32512 2 Edge-themes, Wordpress 2 Pelicula, Wordpress 2026-04-24 9.8 Critical
Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.
CVE-2026-32505 2 Creativews, Wordpress 2 Kiddy, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through <= 2.0.8.