Search Results (366631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25437 2 Wordpress, سید محمدامین هاشمی 2 Wordpress, Gzseo 2026-04-24 6.5 Medium
Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through <= 2.0.14.
CVE-2026-25460 2 Liquidthemes, Wordpress 2 Ave Core, Wordpress 2026-04-24 6.3 Medium
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.
CVE-2026-25464 2 Tielabs, Wordpress 2 Jannah, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4.
CVE-2026-4841 1 Code-projects 1 Online Food Ordering System 2026-04-24 7.3 High
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4846 1 Dameng100 1 Muucmf 2026-04-24 4.3 Medium
A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknown function of the file channel/admin.Account/autoReply.html. Such manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-4847 1 Dameng100 1 Muucmf 2026-04-24 4.3 Medium
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-4848 1 Dameng100 1 Muucmf 2026-04-24 4.3 Medium
A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects an unknown function of the file /admin/extend/list.html. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-27039 2 Aa-team, Wordpress 2 Wzone, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27040 2 Aa-team, Wordpress 2 Wzone, Wordpress 2026-04-24 8.8 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27044 2 Totalsuite, Wordpress 2 Total Poll Lite, Wordpress 2026-04-24 9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.
CVE-2026-27047 2 Mikado-themes, Wordpress 2 Curly, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6.
CVE-2026-27049 2 Nootheme, Wordpress 2 Jobica Core, Wordpress 2026-04-24 9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
CVE-2026-27054 2 Pencidesign, Wordpress 2 Penci Soledad Data Migrator, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affects Penci Soledad Data Migrator: from n/a through <= 1.3.1.
CVE-2026-27079 2 Mikado-themes, Wordpress 2 Amfissa, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1.
CVE-2026-27084 2 Themerex, Wordpress 2 Buisson, Wordpress 2026-04-24 9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11.
CVE-2026-32489 2 Bplugins, Wordpress 2 B Blocks, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
CVE-2026-32491 2 Jgwhite33, Wordpress 2 Wp Review Slider, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through <= 13.9.
CVE-2026-32512 2 Edge-themes, Wordpress 2 Pelicula, Wordpress 2026-04-24 9.8 Critical
Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.
CVE-2026-32513 2 Miguel Useche, Wordpress 2 Js Archive List, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.
CVE-2026-32516 2 Kamleshyadav, Wordpress 2 Miraculous Core Plugin, Wordpress 2026-04-24 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2.