Search Results (12300 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-11499 2 Essekia, Wordpress 2 Tablesome Table, Wordpress 2026-04-22 9.8 Critical
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image_from_external_url() function in all versions up to, and including, 1.1.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in configurations where unauthenticated users have been provided with a method for adding featured images, and the workflow trigger is created.
CVE-2024-32537 2 Joshuae1974, Wordpress 2 Flash Video Player, Wordpress 2026-04-22 7.1 High
Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4.
CVE-2026-3584 2 Wordpress, Wpchill 2 Wordpress, Kali Forms — Contact Form & Drag-and-drop Builder 2026-04-22 9.8 Critical
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of 'call_user_func' on these placeholder values. This makes it possible for unauthenticated attackers to execute code on the server.
CVE-2025-62043 2 Wordpress, Wpsight 2 Wordpress, Wpcasa 2026-04-22 6.5 Medium
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.
CVE-2026-0677 2 Totalsuite, Wordpress 2 Totalcontest, Wordpress 2026-04-22 N/A
Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1.
CVE-2024-31119 2 Vasilis Triantafyllou, Wordpress 2 Special Box For Content, Wordpress 2026-04-22 5.9 Medium
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Vasilis Triantafyllou Special Box for Content allows DOM-Based XSS.This issue affects Special Box for Content: from n/a through 1.
CVE-2026-32583 2 Webnus, Wordpress 2 Modern Events Calendar, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0.
CVE-2026-32338 2 Rarathemes, Wordpress 2 Construction Landing Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1.
CVE-2026-32375 2 Raratheme, Wordpress 2 Travel Diaries, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Diaries: from n/a through <= 1.2.4.
CVE-2026-32348 2 Madrasthemes, Wordpress 2 Mas Videos, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.
CVE-2026-32462 2 Liton Arefin, Wordpress 2 Master Addons For Elementor, Wordpress 2026-04-22 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.
CVE-2026-32372 2 Radiustheme, Wordpress 2 Shopbuilder – Elementor Woocommerce Builder Addons, Wordpress 2026-04-22 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.
CVE-2026-32390 2 Linethemes, Wordpress 2 Nanosoft, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.
CVE-2026-32356 2 Robosoft, Wordpress 2 Robo Gallery, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through <= 5.1.2.
CVE-2026-32428 2 Ays-pro, Wordpress 2 Popup Like Box, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7.
CVE-2026-32422 2 Levelfourdevelopment, Wordpress 2 Wp-easycart, Wordpress 2026-04-22 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
CVE-2026-31917 2 Wedevs, Wordpress 2 Wp Erp, Wordpress 2026-04-22 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10.
CVE-2026-32432 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.
CVE-2026-32415 2 Bogdan Bendziukov, Wordpress 2 Squeeze, Wordpress 2026-04-22 5 Medium
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.
CVE-2026-32445 2 Elementor, Wordpress 2 Elementor Website Builder, Wordpress 2026-04-22 2.7 Low
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.