Search Results (14054 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57774 2 Vowelweb, Wordpress 2 Vw Food Corner, Wordpress 2026-07-13 5.3 Medium
Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through <= 1.1.0.
CVE-2026-57776 2 Vowelweb, Wordpress 2 Vw Wedding, Wordpress 2026-07-13 5.3 Medium
Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through <= 1.3.7.
CVE-2026-57772 2 Wordpress, Wpinventory 2 Wordpress, Wp Inventory Manager 2026-07-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through <= 2.4.0.
CVE-2026-57779 2 Themebeez, Wordpress 2 Fascinate, Wordpress 2026-07-13 5.3 Medium
Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5.
CVE-2026-57780 2 Plugin Envision, Wordpress 2 Envision Page Builder, Wordpress 2026-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through <= 0.22.
CVE-2026-57781 2 Sovlix, Wordpress 2 Meetinghub, Wordpress 2026-07-13 5.3 Medium
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through <= 1.25.10.
CVE-2026-57782 2 Presstigers, Wordpress 2 Universal Clocks, Wordpress 2026-07-13 5.3 Medium
Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Clocks: from n/a through <= 1.2.0.
CVE-2026-57795 2 Themelexus, Wordpress 2 Kitchor, Wordpress 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through <= 1.4.3.
CVE-2026-57796 2 Vlthemes, Wordpress 2 Leedo, Wordpress 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through <= 3.0.0.
CVE-2026-57799 2 Uxper, Wordpress 2 Nuss, Wordpress 2026-07-13 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.6.
CVE-2026-57813 2 Properfraction, Wordpress 2 Mailoptin, Wordpress 2026-07-13 9.8 Critical
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3.
CVE-2026-61952 2 Jose Vega, Wordpress 2 Woocommerce Bulk Edit Products – Wp Sheet Editor, Wordpress 2026-07-13 4.9 Medium
Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21.
CVE-2026-61955 2 Hannan, Wordpress 2 گرویتی فرم فارسی, Wordpress 2026-07-13 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through <= 3.0.2.
CVE-2026-61956 2 Hamsalam, Wordpress 2 ووسلام – همگام سازی ووکامرس و باسلام, Wordpress 2026-07-13 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام &#8211; همگام سازی ووکامرس و باسلام: from n/a through <= 1.9.1.
CVE-2026-61970 2 Themeisle, Wordpress 2 Auto Featured Image (auto Post Thumbnail), Wordpress 2026-07-13 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through <= 5.0.4.
CVE-2026-57810 2 Saad Iqbal, Wordpress 2 Apiexperts Square For Woocommerce, Wordpress 2026-07-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.4.
CVE-2026-61977 2 Crocoblock, Wordpress 2 Jetsearch, Wordpress 2026-07-13 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through <= 3.6.1.2.
CVE-2026-61985 2 Magepeopleteam, Wordpress 2 Car Rental Manager, Wordpress 2026-07-13 5.3 Medium
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.3.7.
CVE-2026-57816 2 Funnelkit, Wordpress 2 Funnel Builder By Funnelkit, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows Reflected XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.15.0.8.
CVE-2026-61971 2 Cozmoslabs, Wordpress 2 User Profile Picture, Wordpress 2026-07-13 2.7 Low
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through <= 2.6.3.