Search Results (14069 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-42639 2 Dev4press, Wordpress 2 Gd Rating System, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
CVE-2026-42658 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42667 2 Bookly, Wordpress 2 Bookly, Wordpress 2026-06-16 7.5 High
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
CVE-2026-42688 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVE-2026-42775 2 Automatorwp, Wordpress 2 Automatorwp, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
CVE-2026-49105 2 Crmperks, Wordpress 2 Wp Zendesk For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms, Wordpress 2026-06-16 9.8 Critical
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
CVE-2026-52693 2 Implecode, Wordpress 2 Ecommerce Product Catalog, Wordpress 2026-06-16 9.3 Critical
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
CVE-2026-40767 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
CVE-2026-48965 2 Watchful, Wordpress 2 Xcloner, Wordpress 2026-06-16 6.5 Medium
Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.
CVE-2026-49764 2 Metagauss, Wordpress 2 Registrationmagic, Wordpress 2026-06-16 9.8 Critical
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
CVE-2026-49773 2 Foliovision, Wordpress 2 Fv Flowplayer Video Player, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
CVE-2026-34902 2 Wcproducttable, Wordpress 2 Woocommerce Product Table Lite, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
CVE-2026-39471 2 Shortpixel, Wordpress 2 Shortpixel Image Optimizer, Wordpress 2026-06-16 7.2 High
Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.
CVE-2026-39489 2 Wordpress, Wpchill 2 Wordpress, Download Monitor 2026-06-16 4.4 Medium
Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
CVE-2026-39514 2 Cozmoslabs, Wordpress 2 Paid Member Subscriptions, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
CVE-2026-39579 2 Bplugins, Wordpress 2 B Blocks, Wordpress 2026-06-16 8.8 High
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
CVE-2026-40727 2 Groundhogg, Wordpress 2 Groundhogg, Wordpress 2026-06-16 7.7 High
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
CVE-2026-40774 2 Saasproject, Wordpress 2 Booking Package, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
CVE-2026-48883 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Bundles For Woocommerce 2026-06-16 7.5 High
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
CVE-2026-52704 2 Edgarrojas, Wordpress 2 Woocommerce Pdf Invoice Builder, Wordpress 2026-06-16 10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8.