Export limit exceeded: 10475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25391 | 2 Wordpress, Wp Grids | 2 Wordpress, Wp Wand | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07. | ||||
| CVE-2026-25394 | 2 Sparklewpthemes, Wordpress | 2 Fitness Fse, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6. | ||||
| CVE-2026-25399 | 2 Cryoutcreations, Wordpress | 2 Serious Slider, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7. | ||||
| CVE-2026-25402 | 2 Echoplugins, Wordpress | 2 Knowledge Base For Documentation, Faqs With Ai Assistance, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= 16.011.0. | ||||
| CVE-2026-25404 | 2 Automattic, Wordpress | 2 Wp Job Manager, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0. | ||||
| CVE-2026-25409 | 2 Crgeary, Wordpress | 2 Jamstack Deployments, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through <= 1.1.1. | ||||
| CVE-2026-25410 | 2 Tstephenson, Wordpress | 2 Wp-cors, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2. | ||||
| CVE-2026-25415 | 2 Iqonicdesign, Wordpress | 2 Wpbookit Pro, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | ||||
| CVE-2006-3389 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. | ||||
| CVE-2005-4463 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1. | ||||
| CVE-2006-0986 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. Other vectors might be covered by CVE-2005-1688. NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure. | ||||
| CVE-2005-2612 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. | ||||
| CVE-2006-4028 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests). | ||||
| CVE-2005-1688 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. | ||||
| CVE-2006-4743 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. | ||||
| CVE-2004-1584 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | ||||
| CVE-2005-2108 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. | ||||
| CVE-2005-2107 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. | ||||
| CVE-2005-1810 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. | ||||
| CVE-2005-1687 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. | ||||