Search Results (37198 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-2992 2 Iqonicdesign, Wordpress 2 Kivicare – Clinic & Patient Management System (ehr), Wordpress 2026-04-22 8.2 High
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to create a new clinic and a WordPress user with clinic admin privileges.
CVE-2026-1253 2 Atomchat, Wordpress 2 Group Chat & Video Chat By Atomchat, Wordpress 2026-04-22 4.3 Medium
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat_update_auth_ajax' and 'atomchat_update_layout_ajax' functions in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options, including critical settings such as API keys, authentication keys, and layout configurations.
CVE-2026-4241 1 Itsourcecode 1 College Management System 2026-04-22 6.3 Medium
A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course_code leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-4229 1 Vanna-ai 1 Vanna 2026-04-22 7.3 High
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-3658 2 Croixhaug, Wordpress 2 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, Wordpress 2026-04-22 7.5 High
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, including usernames, email addresses, and password hashes.
CVE-2026-2373 2 Wordpress, Wproyal 2 Wordpress, Royal Addons For Elementor – Addons And Templates Kit For Elementor 2026-04-22 5.3 Medium
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract contents of non-public custom post types, such as Contact Form 7 submissions or WooCommerce coupons.
CVE-2026-1926 2 Wordpress, Wpswings 2 Wordpress, Subscriptions For Woocommerce 2026-04-22 5.3 Medium
The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wps_sfw_admin_cancel_susbcription()` function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the `init` action without any authentication or authorization checks, and only performing a non-empty check on the nonce parameter without actually validating it via `wp_verify_nonce()`. This makes it possible for unauthenticated attackers to cancel any active WooCommerce subscription by sending a crafted GET request with an arbitrary nonce value via the `wps_subscription_id` parameter.
CVE-2026-2468 2 Quentn, Wordpress 2 Quentn Wp, Wordpress 2026-04-22 7.5 High
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the `get_user_access()` method. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-4232 1 Tiandy 1 Integrated Management Platform 2026-04-22 7.3 High
A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-3475 2 Instantpopupbuilder, Wordpress 2 Instant Popup Builder – Powerful Popup Maker For Opt-ins, Email Newsletters & Lead Generation, Wordpress 2026-04-22 5.3 Medium
The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handle_email_verification_page() function constructing a shortcode string from user-supplied GET parameters (token, email) and passing it to do_shortcode() without properly sanitizing square bracket characters, combined with missing authorization checks on the init hook. While sanitize_text_field() and esc_attr() are applied, neither function strips or escapes square bracket characters ([ and ]). WordPress's shortcode regex uses [^\]\/]* to match content inside shortcode tags, meaning a ] character in the token value prematurely closes the shortcode tag. This makes it possible for unauthenticated attackers to inject and execute arbitrary registered shortcodes by crafting a malicious token parameter containing ] followed by arbitrary shortcode syntax.
CVE-2026-2559 2 Saadiqbal, Wordpress 2 Post Smtp – Complete Email Deliverability And Smtp Solution With Email Logs, Alerts, Backup Smtp & Mobile App, Wordpress 2026-04-22 5.3 Medium
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `handle_office365_oauth_redirect()` function in all versions up to, and including, 3.8.0. This is due to the function being hooked to `admin_init` without any `current_user_can()` check or nonce verification. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the site's Office 365 OAuth mail configuration (access token, refresh token, and user email) via a crafted URL. The configuration option is used during wizard setup of Microsoft365 SMTP, only available in the Pro option of the plugin. This could cause an Administrator to believe an attacker-controlled Azure app is their own, and lead them to connect the plugin to the attacker's account during configuration after upgrading to Pro.
CVE-2025-10896 3 Elementor, Litonice13, Wordpress 3 Elementor, Image Hover Effects For Elementor, Wordpress 2026-04-22 8.8 High
Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the '*_recommended_upgrade_plugin' function which allows arbitrary plugin URLs to be installed. This makes it possible for authenticated attackers with subscriber-level access and above to upload arbitrary plugin packages to the affected site's server via a crafted plugin URL, which may make remote code execution possible.
CVE-2025-12167 2 Rnzo, Wordpress 2 Contact Form 7 Aweber Extension, Wordpress 2026-04-22 4.3 Medium
The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_aweber_logreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the AWeber logs.
CVE-2025-11894 1 Wordpress 1 Wordpress 2026-04-22 5.3 Medium
The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings like the ServerKey and LicenseKey.
CVE-2026-32363 2 Funlus Oy, Wordpress 2 Wplifecycle, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1.
CVE-2026-32432 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.
CVE-2026-3045 2 Croixhaug, Wordpress 2 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, Wordpress 2026-04-22 7.5 High
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated users through the public `/wp-json/ssa/v1/embed-inner` REST endpoint, and (2) the `get_item()` method in `SSA_Settings_Api` relies on `nonce_permissions_check()` for authorization (which accepts the public nonce) but does not call `remove_unauthorized_settings_for_current_user()` to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the `/wp-json/ssa/v1/settings/{section}` endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments.
CVE-2026-32445 2 Elementor, Wordpress 2 Elementor Website Builder, Wordpress 2026-04-22 2.7 Low
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
CVE-2026-32387 2 Noorsplugin, Wordpress 2 Checkout For Paypal, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.
CVE-2026-32423 2 Bowo, Wordpress 2 Admin And Site Enhancements Ase, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.