Export limit exceeded: 10464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12802 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12802 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2595 | 2 Wordpress, Wpquads | 2 Wordpress, Quads Ads Manager For Google Adsense | 2026-04-24 | 5.4 Medium |
| The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.98.1 due to insufficient input sanitization and output escaping of multiple ad metadata parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-2442 | 2 Softaculous, Wordpress | 2 Page Builder: Pagelayer – Drag And Drop Website Builder, Wordpress | 2026-04-24 | 5.3 Medium |
| The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on attacker-controlled form fields and then passing the resulting values into email headers without removing CR/LF characters. This makes it possible for unauthenticated attackers to inject arbitrary email headers (for example Bcc / Cc) and abuse form email delivery via the 'email' parameter granted they can target a contact form configured to use placeholders in mail template headers. | ||||
| CVE-2026-4248 | 2 Ultimatemember, Wordpress | 2 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, Wordpress | 2026-04-24 | 8 High |
| The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authenticated attackers, with Contributor-level access and above, to craft a malicious pending post that, when previewed by an Administrator, generates a password reset token for the Administrator and exfiltrates it to an attacker-controlled server, leading to full account takeover. | ||||
| CVE-2025-12886 | 2 Laborator, Wordpress | 2 Oxygen - Woocommerce Wordpress Theme, Wordpress | 2026-04-24 | 7.2 High |
| The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2026-1307 | 2 Kstover, Wordpress | 2 Ninja Forms – The Contact Form Builder That Grows With You, Wordpress | 2026-04-24 | 6.5 Medium |
| The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.1 via a callback function for the admin_enqueue_scripts action handler in blocks/bootstrap.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to gain access to an authorization token to view form submissions for arbitrary forms, which could potentially contain sensitive information. | ||||
| CVE-2026-4987 | 2 Brainstormforce, Wordpress | 2 Sureforms – Contact Form, Payment Form & Other Custom Form Builder, Wordpress | 2026-04-24 | 7.5 High |
| The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the value of a user-controlled parameter. This makes it possible for unauthenticated attackers to bypass configured form payment-amount validation and create underpriced payment/subscription intents by setting form_id to 0. | ||||
| CVE-2026-3098 | 2 Nextendweb, Wordpress | 2 Smart Slider 3, Wordpress | 2026-04-24 | 6.5 Medium |
| The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2026-4389 | 2 Hupe13, Wordpress | 2 Dsgvo Snippet For Leaflet Map And Its Extensions, Wordpress | 2026-04-24 | 6.4 Medium |
| The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `leafext-cookie-time` and `leafext-delete-cookie` shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes (`unset`, `before`, `after`). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-4331 | 2 Pr-gateway, Wordpress | 2 Blog2social: Social Media Auto Post & Scheduler, Wordpress | 2026-04-24 | 4.3 Medium |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both of which are available to Subscriber-level users, as the plugin grants 'blog2social_access' capability to all roles upon activation, allowing them to access the plugin's admin pages where the nonce is output. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all _b2s_post_meta records from the wp_postmeta table, permanently removing all custom social media meta tags for every post on the site. | ||||
| CVE-2026-4281 | 2 Trainingbusinesspros, Wordpress | 2 Formlift For Infusionsoft Web Forms, Wordpress | 2026-04-24 | 5.3 Medium |
| The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect() and listen_for_tokens() methods of the FormLift_Infusionsoft_Manager class, both of which are hooked to 'plugins_loaded' and execute on every page load. The connect() function generates an OAuth connection password and leaks it in the redirect Location header without verifying the requesting user is authenticated or authorized. The listen_for_tokens() function only validates the temporary password but performs no user authentication before calling update_option() to save attacker-controlled OAuth tokens and app domain. This makes it possible for unauthenticated attackers to hijack the site's Infusionsoft connection by first triggering the OAuth flow to obtain the temporary password, then using that password to set arbitrary OAuth tokens and app domain via update_option(), effectively redirecting the plugin's API communication to an attacker-controlled server. | ||||
| CVE-2026-4278 | 2 Specialk, Wordpress | 2 Simple Download Counter, Wordpress | 2026-04-24 | 6.4 Medium |
| The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' and 'cat' attributes. The 'text' attribute is output directly into HTML content on line 159 without any escaping (e.g., esc_html()). The 'cat' attribute is used unescaped in HTML class attributes on lines 135 and 157 without esc_attr(). This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-4075 | 2 Wordpress, Xenioushk | 2 Wordpress, Bwl Advanced Faq Manager Lite | 2026-04-24 | 6.4 Medium |
| The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sbox_id', 'sbox_class', 'placeholder', 'highlight_color', 'highlight_bg', and 'cont_ext_class'. These attributes are directly interpolated into HTML element attributes without any esc_attr() escaping in the baf_sbox() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-2931 | 2 Ameliabooking, Wordpress | 2 Booking For Appointments And Events Calendar, Wordpress | 2026-04-24 | 8.8 High |
| The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with customer-level permissions or above to change user passwords and potentially take over administrator accounts. The vulnerability is in the pro plugin, which has the same slug. | ||||
| CVE-2026-2511 | 2 Rabilal, Wordpress | 2 Js Help Desk – Ai-powered Support & Ticketing System, Wordpress | 2026-04-24 | 7.5 High |
| The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and including, 3.0.4. This is due to the user-supplied `multiformid` value being passed to `esc_sql()` without enclosing the result in quotes in the SQL query, rendering the escaping ineffective against payloads that do not contain quote characters. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-2231 | 2 Techjewel, Wordpress | 2 Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution, Wordpress | 2026-04-24 | 7.2 High |
| The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1986 | 2 Bakkbone, Wordpress | 2 Floristpress For Woo – Customize Your Ecommerce Store For Your Florist, Wordpress | 2026-04-24 | 6.1 Medium |
| The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied 'noresults' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-1032 | 2 Themify, Wordpress | 2 Conditional Menus, Wordpress | 2026-04-24 | 4.3 Medium |
| The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-4758 | 2 Wordpress, Wpjobportal | 2 Wordpress, Wp Job Portal – Ai-powered Recruitment System For Company Or Job Board Website | 2026-04-24 | 8.8 High |
| The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2026-32537 | 2 Visualportfolio, Wordpress | 2 Visual Portfolio, Photo Gallery & Post Grid, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through <= 3.5.1. | ||||
| CVE-2026-32536 | 2 Halfdata, Wordpress | 2 Stripe Green Downloads, Wordpress | 2026-04-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08. | ||||