Search Results (12213 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32423 2 Bowo, Wordpress 2 Admin And Site Enhancements Ase, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.
CVE-2026-32453 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0.
CVE-2026-32352 2 Elementor, Wordpress 2 Elementor Website Builder, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
CVE-2026-32460 2 Themefic, Wordpress 2 Ultimate Addons For Contact Form 7, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.
CVE-2026-32338 2 Rarathemes, Wordpress 2 Construction Landing Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1.
CVE-2026-32447 2 Vito Peleg, Wordpress 2 Atarim, Wordpress 2026-04-22 4.3 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.
CVE-2026-32406 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Bundles For Woocommerce 2026-04-22 4.3 Medium
Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.
CVE-2026-32402 2 Ays-pro, Wordpress 2 Image Slider, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.
CVE-2026-32424 2 Boldgrid, Wordpress 2 Sprout Clients, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2.
CVE-2026-32393 2 Creatives Planet, Wordpress 2 Greenly Theme Addons, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.
CVE-2026-32390 2 Linethemes, Wordpress 2 Nanosoft, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.
CVE-2026-32431 2 Brainstorm Force, Wordpress 2 Astra Bulk Edit, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.
CVE-2026-32375 2 Raratheme, Wordpress 2 Travel Diaries, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Diaries: from n/a through <= 1.2.4.
CVE-2026-32374 2 Raratheme, Wordpress 2 The Minimal, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9.
CVE-2026-32426 2 Themelexus, Wordpress 2 Medilazar Core, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through < 1.4.7.
CVE-2026-32366 2 Robfelty, Wordpress 2 Collapsing Categories, Wordpress 2026-04-22 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9.
CVE-2026-32340 2 Rarathemes, Wordpress 2 Business One Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through <= 1.3.2.
CVE-2026-32372 2 Radiustheme, Wordpress 2 Shopbuilder – Elementor Woocommerce Builder Addons, Wordpress 2026-04-22 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.
CVE-2026-32367 2 Wordpress, Ylefebvre 2 Wordpress, Modal Dialog 2026-04-22 9.1 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through <= 3.5.16.
CVE-2026-32360 2 Richplugins, Wordpress 2 Rich Showcase For Google Reviews, Wordpress 2026-04-22 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.