Search Results (12300 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32382 2 Raratheme, Wordpress 2 Digital Download, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4.
CVE-2026-32445 2 Elementor, Wordpress 2 Elementor Website Builder, Wordpress 2026-04-22 2.7 Low
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
CVE-2026-32403 2 Toocheke, Wordpress 2 Toocheke Companion, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194.
CVE-2026-32407 2 Wordpress, Wpclever 2 Wordpress, Wpc Smart Wishlist For Woocommerce 2026-04-22 4.3 Medium
Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.
CVE-2026-32411 2 Simpma, Wordpress 2 Embed Calendly, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through <= 4.4.
CVE-2026-32336 2 Rarathemes, Wordpress 2 Rara Business, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0.
CVE-2026-32415 2 Bogdan Bendziukov, Wordpress 2 Squeeze, Wordpress 2026-04-22 5 Medium
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.
CVE-2026-31918 2 Immonex, Wordpress 2 Immonex Kickstart, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0.
CVE-2026-32335 2 Rarathemes, Wordpress 2 The Conference, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5.
CVE-2026-32379 2 Raratheme, Wordpress 2 Rara Academic, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2.
CVE-2026-32420 2 Ruben Garcia, Wordpress 2 Gamipress, Wordpress 2026-04-22 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6.
CVE-2026-32401 2 Boldgrid, Wordpress 2 Client Invoicing By Sprout Invoices, Wordpress 2026-04-22 7.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.
CVE-2026-32365 2 Robfelty, Wordpress 2 Collapsing Archives, Wordpress 2026-04-22 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through <= 3.0.7.
CVE-2026-32399 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2026-04-22 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.32.
CVE-2026-32443 2 Josh Kohlbach, Wordpress 2 Product Feed Pro For Woocommerce, Wordpress 2026-04-22 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.
CVE-2026-32457 2 Wombat Plugins, Wordpress 2 Advanced Product Fields Product Addons For Woocommerce, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18.
CVE-2026-32419 2 Fernandobriano, Wordpress 2 List Category Posts, Wordpress 2026-04-22 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through <= 0.93.1.
CVE-2026-32357 2 Katsushi Kawamori, Wordpress 2 Simple Blog Card, Wordpress 2026-04-22 6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through <= 2.37.
CVE-2026-32354 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-04-22 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
CVE-2026-32376 2 Raratheme, Wordpress 2 Kalon, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.