Export limit exceeded: 356062 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356062 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356062 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11620 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 7.2 High |
| The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and 'mrpu_save_multiple_user_roles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, granted the 'edit_users' capability, to edit any user's role, including promoting users to Administrator and demoting Administrators to lower-privileged roles. | ||||
| CVE-2025-11734 | 2 Aioseo, Wordpress | 2 Broken Link Checker, Wordpress | 2026-04-22 | 5.4 Medium |
| The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only checks for a broad capability (aioseo_blc_broken_links_page) that is granted to contributor level users, without verifying the user's permission to perform actions on the specific post being targeted. This makes it possible for authenticated attackers, with contributor level access and above, to trash arbitrary posts via the DELETE /wp-json/aioseoBrokenLinkChecker/v1/post endpoint. | ||||
| CVE-2025-12955 | 3 Rajeshsingh520, Woocommerce, Wordpress | 3 Live Sales Notification For Woocommerce, Woocommerce, Wordpress | 2026-04-22 | 7.5 High |
| The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to display recent order information. This makes it possible for unauthenticated attackers to extract sensitive customer information including buyer first names, city, state, country, purchase time and date, and product details. | ||||
| CVE-2025-11368 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-22 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 4.2.9.4. This is due to missing capability checks in the REST endpoint /wp-json/lp/v1/load_content_via_ajax which allows arbitrary callback execution of admin-only template methods. This makes it possible for unauthenticated attackers to retrieve admin curriculum HTML, quiz questions with correct answers, course materials, and other sensitive educational content via the REST API endpoint granted they can supply valid numeric IDs. | ||||
| CVE-2025-12746 | 2 Tainacan, Wordpress | 2 Tainacan, Wordpress | 2026-04-22 | 6.1 Medium |
| The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-12660 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-13322 | 2 Husainali52, Wordpress | 2 Wp Audio Gallery, Wordpress | 2026-04-22 | 8.1 High |
| The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the `wpag_uploadaudio_callback()` AJAX handler not properly validating user-supplied file paths in the `audio_upload` parameter before passing them to `unlink()`. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when critical files like wp-config.php are deleted. | ||||
| CVE-2025-12086 | 2 Wordpress, Wpswings | 2 Wordpress, Return Refund And Exchange For Woocommerce | 2026-04-22 | 4.3 Medium |
| The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wps_rma_cancel_return_request' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other users refund requests. | ||||
| CVE-2025-12170 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 5.3 Medium |
| The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_ajax_nopriv_checkbox_clean_log' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files. | ||||
| CVE-2025-11801 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' shortcode attribute of the 'audiotube' shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12894 | 2 Jcollings, Wordpress | 2 Import Wp, Wordpress | 2026-04-22 | 5.3 Medium |
| The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.17 via the import/export functionality and a lack of .htaccess protection. This makes it possible for unauthenticated attackers to extract sensitive data from exports stored in /exportwp and import data stored in /importwp. | ||||
| CVE-2025-11803 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsite_y shortcode and the 'before' attribute in the wpsite_postauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping in error messages. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12039 | 2 Devsmip, Wordpress | 2 Bigbuy Dropshipping Connector For Woocommerce, Wordpress | 2026-04-22 | 5.3 Medium |
| The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to retrieve the output of phpinfo(). | ||||
| CVE-2025-11186 | 2 Hu-manity, Wordpress | 2 Cookie Notice & Compliance For Gdpr / Ccpa, Wordpress | 2026-04-22 | 6.4 Medium |
| The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookies_accepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12043 | 2 Autochat, Wordpress | 2 Automatic Conversation, Wordpress | 2026-04-22 | 5.3 Medium |
| The Autochat Automatic Conversation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_auycht_saveCid' AJAX endpoint in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to connect and disconnect the client ID. | ||||
| CVE-2025-12578 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 4.3 Medium |
| The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12666 | 2 Oscaruh, Wordpress | 2 Google Drive Upload And Download Link, Wordpress | 2026-04-22 | 6.4 Medium |
| The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-13387 | 2 Kadencewp, Wordpress | 2 Kadence Woocommerce Email Designer, Wordpress | 2026-04-22 | 7.2 High |
| The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-41193 | 1 Freescout Helpdesk | 1 Freescout | 2026-04-22 | 9.1 Critical |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Version 1.8.215 fixes the vulnerability. | ||||
| CVE-2026-41192 | 1 Freescout Helpdesk | 1 Freescout | 2026-04-22 | 7.1 High |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]` but omitted from retained lists are decrypted and passed directly to `Attachment::deleteByIds()`. Because `load_attachments` returns encrypted IDs for attachments on a visible conversation, a mailbox peer can replay those IDs through `save_draft` and delete the original attachment row and file. Version 1.8.215 fixes the vulnerability. | ||||