Export limit exceeded: 12767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12767 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22432 | 2 Ancorathemes, Wordpress | 2 Woopy, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woopy: from n/a through <= 1.2. | ||||
| CVE-2026-22431 | 2 Ancorathemes, Wordpress | 2 Wabi-sabi, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wabi-Sabi wabi-sabi allows PHP Local File Inclusion.This issue affects Wabi-Sabi: from n/a through <= 1.2. | ||||
| CVE-2026-22429 | 2 Mikado-themes, Wordpress | 2 Verdure, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Verdure verdure allows PHP Local File Inclusion.This issue affects Verdure: from n/a through <= 1.6. | ||||
| CVE-2026-22428 | 2 Ancorathemes, Wordpress | 2 Tooth Fairy, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion.This issue affects Tooth Fairy: from n/a through <= 1.16. | ||||
| CVE-2026-22425 | 2 Elated-themes, Wordpress | 2 Sweet Jane, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion.This issue affects Sweet Jane: from n/a through <= 1.2. | ||||
| CVE-2026-22423 | 2 Select-themes, Wordpress | 2 Setsail, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through <= 1.8. | ||||
| CVE-2026-22415 | 2 Ancorathemes, Wordpress | 2 The Mounty, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes The Mounty the-mounty allows PHP Local File Inclusion.This issue affects The Mounty: from n/a through <= 1.1. | ||||
| CVE-2025-69090 | 2 Ovatheme, Wordpress | 2 Remons, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through <= 1.3.4. | ||||
| CVE-2026-22413 | 2 Mikado-themes, Wordpress | 2 Malgré, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Malgré malgre allows PHP Local File Inclusion.This issue affects Malgré: from n/a through <= 1.0.3. | ||||
| CVE-2026-22410 | 2 Mikado-themes, Wordpress | 2 Dolcino, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dolcino dolcino allows PHP Local File Inclusion.This issue affects Dolcino: from n/a through <= 1.6. | ||||
| CVE-2026-22405 | 2 Mikado-themes, Wordpress | 2 Overton, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Overton overton allows PHP Local File Inclusion.This issue affects Overton: from n/a through <= 1.3. | ||||
| CVE-2026-22399 | 2 Mikado-themes, Wordpress | 2 Holmes, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through <= 1.7. | ||||
| CVE-2026-22395 | 2 Mikado-themes, Wordpress | 2 Fiorello, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fiorello fiorello allows PHP Local File Inclusion.This issue affects Fiorello: from n/a through <= 1.0. | ||||
| CVE-2026-22394 | 2 Mikado-themes, Wordpress | 2 Evently, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Evently evently allows PHP Local File Inclusion.This issue affects Evently: from n/a through <= 1.7. | ||||
| CVE-2026-22385 | 2 Don-themes, Wordpress | 2 Wolmart, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through <= 1.9.6. | ||||
| CVE-2026-2628 | 2 Cyberlord92, Wordpress | 2 All-in-one Microsoft 365 & Entra Id / Azure Ad Sso Login, Wordpress | 2026-04-22 | 9.8 Critical |
| The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators. | ||||
| CVE-2026-27342 | 2 Mikado-themes, Wordpress | 2 Topfit - Fitness And Gym Wordpress Theme, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through <= 1.9. | ||||
| CVE-2026-2583 | 2 Creativethemes, Wordpress | 2 Blocksy, Wordpress | 2026-04-22 | 6.4 Medium |
| The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-27340 | 2 Ancorathemes, Wordpress | 2 Apollo | Night Club, Dj Event Wordpress Theme, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a through <= 1.3.1. | ||||
| CVE-2026-1980 | 2 Iqonicdesign, Wordpress | 2 Wpbookit, Wordpress | 2026-04-22 | 5.3 Medium |
| The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including names, emails, phone numbers, dates of birth, and gender. | ||||