Export limit exceeded: 19311 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12659 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12659 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45658 | 2 Posimyth, Wordpress | 2 Nexter, Wordpress | 2026-04-15 | 7.6 High |
| Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3. | ||||
| CVE-2023-47232 | 2 Mojofywp, Wordpress | 2 Wp Affiliate Disclosure, Wordpress | 2026-04-15 | 4.3 Medium |
| Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6. | ||||
| CVE-2023-47683 | 2 Miniorange, Wordpress | 2 Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress | 2026-04-15 | 8 High |
| Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6. | ||||
| CVE-2023-47845 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4. | ||||
| CVE-2023-48273 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through 1.2.2. | ||||
| CVE-2023-48335 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9. | ||||
| CVE-2023-48753 | 2 10up, Wordpress | 2 Restricted Site Access, Wordpress | 2026-04-15 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through 7.4.1. | ||||
| CVE-2023-48757 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-15 | 8.8 High |
| Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4. | ||||
| CVE-2023-49741 | 2 Wordpress, Wpdevart | 2 Wordpress, Coming Soon And Maintenance Mode | 2026-04-15 | 3.7 Low |
| Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3. | ||||
| CVE-2023-49748 | 2 Wordpress, Wpserveur | 2 Wordpress, Wps Hide Login | 2026-04-15 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11. | ||||
| CVE-2023-51416 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.2. | ||||
| CVE-2023-51526 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through 2.2.4. | ||||
| CVE-2023-52176 | 2 Miniorange, Wordpress | 2 Malware Scanner, Wordpress | 2026-04-15 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1. | ||||
| CVE-2023-52179 | 2 Webcodingplace, Wordpress | 2 Product Expiry For Woocommerce, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5. | ||||
| CVE-2023-52210 | 2 Tychesoftwares, Wordpress | 2 Product Delivery Date For Woocommerce Lite, Wordpress | 2026-04-15 | 5.3 Medium |
| Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0. | ||||
| CVE-2023-52224 | 2 Revolut, Wordpress | 2 Revolut Gateway For Woocommerce, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. | ||||
| CVE-2023-54333 | 2 Artlosk, Wordpress | 2 Social Share Buttons, Wordpress | 2026-04-15 | 8.2 High |
| Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire database contents. | ||||
| CVE-2023-6492 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6708 | 2 Benbodhi, Wordpress | 2 Svg Support, Wordpress | 2026-04-15 | 5.4 Medium |
| The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. As of 2.5.6, SVG sanitization can still be bypassed by supplying a content-type other than image/svg+xml. | ||||
| CVE-2023-6813 | 2 Auth0, Wordpress | 2 Login By Auth0, Wordpress | 2026-04-15 | 6.1 Medium |
| The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||