Search
Search Results (13154 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42651 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 6.3 Medium |
| Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions. | ||||
| CVE-2026-48882 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. | ||||
| CVE-2026-49056 | 2 Webtoffee, Wordpress | 2 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. | ||||
| CVE-2026-49068 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2026-06-16 | 7.5 High |
| Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. | ||||
| CVE-2026-49083 | 2 Latepoint, Wordpress | 2 Latepoint, Wordpress | 2026-06-16 | 7.5 High |
| Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. | ||||
| CVE-2016-20075 | 2 Etoilewebdesign, Wordpress | 2 Ultimate Product Catalog, Wordpress | 2026-06-16 | 8.8 High |
| WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server. | ||||
| CVE-2026-40793 | 2 Groundhogg, Wordpress | 2 Groundhogg, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. | ||||
| CVE-2026-42640 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions. | ||||
| CVE-2026-42659 | 2 Nasirahmed, Wordpress | 2 Advanced Form Integration, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions. | ||||
| CVE-2026-48964 | 2 Elextensions, Wordpress | 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | ||||
| CVE-2026-48970 | 2 Really-simple-plugins, Wordpress | 2 Really Simple Ssl, Wordpress | 2026-06-16 | 8.1 High |
| Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | ||||
| CVE-2026-49065 | 2 Hippooo, Wordpress | 2 Hippoo Mobile App For Woocommerce, Wordpress | 2026-06-16 | 8.2 High |
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | ||||
| CVE-2026-49763 | 2 Crm Perks, Wordpress | 2 Integration For Contact Form 7 Hubspot, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | ||||
| CVE-2026-52697 | 2 Taskbuilder, Wordpress | 2 Taskbuilder, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | ||||
| CVE-2026-34886 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. | ||||
| CVE-2026-40781 | 2 Reviewx, Wordpress | 2 Reviewx, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. | ||||
| CVE-2026-40782 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. | ||||
| CVE-2026-40787 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. | ||||
| CVE-2026-40788 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-06-16 | 7.1 High |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. | ||||
| CVE-2026-40791 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. | ||||