Search
Search Results (366284 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49781 | 2 Brainstorm Force, Wordpress | 2 Ottokit, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | ||||
| CVE-2026-48885 | 2 Groundhogg, Wordpress | 2 Hollerbox, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. | ||||
| CVE-2026-40790 | 2 Veronalabs, Wordpress | 2 Wp Sms, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. | ||||
| CVE-2026-42651 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 6.3 Medium |
| Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions. | ||||
| CVE-2026-48882 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. | ||||
| CVE-2026-49056 | 2 Webtoffee, Wordpress | 2 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. | ||||
| CVE-2026-49068 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2026-06-16 | 7.5 High |
| Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. | ||||
| CVE-2026-49083 | 2 Latepoint, Wordpress | 2 Latepoint, Wordpress | 2026-06-16 | 7.5 High |
| Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. | ||||
| CVE-2016-20075 | 2 Etoilewebdesign, Wordpress | 2 Ultimate Product Catalog, Wordpress | 2026-06-16 | 8.8 High |
| WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server. | ||||
| CVE-2026-40793 | 2 Groundhogg, Wordpress | 2 Groundhogg, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. | ||||
| CVE-2026-42640 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions. | ||||
| CVE-2026-42659 | 2 Nasirahmed, Wordpress | 2 Advanced Form Integration, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions. | ||||
| CVE-2026-48964 | 2 Elextensions, Wordpress | 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | ||||
| CVE-2026-48970 | 2 Really-simple-plugins, Wordpress | 2 Really Simple Ssl, Wordpress | 2026-06-16 | 8.1 High |
| Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | ||||
| CVE-2026-49065 | 2 Hippooo, Wordpress | 2 Hippoo Mobile App For Woocommerce, Wordpress | 2026-06-16 | 8.2 High |
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | ||||
| CVE-2026-52697 | 2 Taskbuilder, Wordpress | 2 Taskbuilder, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | ||||
| CVE-2026-34886 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. | ||||
| CVE-2025-63706 | 1 Afeiship | 1 Next-npm-version | 2026-06-16 | 9.8 Critical |
| NPM package next-npm-version1.0.1 is vulnerable to Command injection. | ||||
| CVE-2026-40781 | 2 Reviewx, Wordpress | 2 Reviewx, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. | ||||
| CVE-2026-40782 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. | ||||