Search Results (14055 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13422 2 Harmonicdesign, Wordpress 2 Hd Quiz, Wordpress 2026-06-29 4.3 Medium
The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdq_validate_nonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create new quizzes, and change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2026-13331 2 Trainingbusinesspros, Wordpress 2 Groundhogg — Crm, Newsletters, And Marketing Automation, Wordpress 2026-06-27 6.5 Medium
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-57643 2 Afthemes, Wordpress 2 Wp Post Author, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
CVE-2026-57653 2 Wordpress, Wpjobportal 2 Wordpress, Wp Job Portal 2026-06-26 8.5 High
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
CVE-2026-56031 2 Uncannyowl, Wordpress 2 Uncanny Automator, Wordpress 2026-06-26 8.1 High
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
CVE-2026-57652 2 Joomsky, Wordpress 2 Js Help Desk, Wordpress 2026-06-26 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
CVE-2026-54825 2 Wordpress, Wpdatatables 2 Wordpress, Wpdatatables 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
CVE-2026-56064 2 Themefic, Wordpress 2 Tourfic, Wordpress 2026-06-26 8.5 High
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
CVE-2026-57631 2 Ays-pro, Wordpress 2 Popup Box, Wordpress 2026-06-26 7.6 High
Administrator SQL Injection in Popup box <= 6.0.1 versions.
CVE-2026-57646 2 Majesticsupport, Wordpress 2 Majestic Support, Wordpress 2026-06-26 5.4 Medium
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
CVE-2026-57661 2 Nexcess, Wordpress 2 Wpcomplete, Wordpress 2026-06-26 5.4 Medium
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
CVE-2026-8380 2 Frontend File Manager Plugin, Wordpress 2 Frontend File Manager Plugin, Wordpress 2026-06-26 6.5 Medium
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugin WordPress plugin through 23.6's "Allow guest uploads" setting is enabled by an administrator, the same deletion primitive becomes reachable by unauthenticated users.
CVE-2026-52701 2 Themegrill, Wordpress 2 User Registration, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
CVE-2026-57318 2 Geminilabs, Wordpress 2 Site Reviews, Wordpress 2026-06-26 6.5 Medium
Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
CVE-2026-57322 2 Wedevs, Wordpress 2 Wemail, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
CVE-2026-57636 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
CVE-2026-57650 2 Blockart, Wordpress 2 Magazine Blocks, Wordpress 2026-06-26 6.5 Medium
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
CVE-2026-57658 2 Templatespare, Wordpress 2 Templatespare, Wordpress 2026-06-26 9.1 Critical
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-57662 2 Wasiliy Strecker, Wordpress 2 Contest Gallery, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
CVE-2026-54831 2 Paolo, Wordpress 2 Geodirectory, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.