5.1 CVEs and Security Vulnerabilities

Search

Expected end of text, found '.' (at char 55), (line:1, col:56)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346708 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-27087	2 G5theme, Wordpress	2 Wolverine Framework, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through <= 1.9.
CVE-2026-32491	2 Jgwhite33, Wordpress	2 Wp Review Slider, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through <= 13.9.
CVE-2026-25469	2 Viabill For Woocommerce, Wordpress	2 Viabill – Woocommerce, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through <= 1.1.53.
CVE-2026-32489	2 Bplugins, Wordpress	2 B Blocks, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
CVE-2026-32508	2 Mikado-themes, Wordpress	2 Halstein, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8.
CVE-2026-31914	2 Hookandhook, Wordpress	2 Wp Courses Lms, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: from n/a through <= 3.2.26.
CVE-2026-32510	2 Edge-themes, Wordpress	2 Kamperen, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
CVE-2026-32514	2 Anton Voytenko, Wordpress	2 Petitioner, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3.
CVE-2026-32542	2 Themefusion, Wordpress	2 Fusion Builder, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through < 3.15.0.
CVE-2026-32562	2 Wordpress, Wp Folio Team	2 Wordpress, Ppwp	2026-04-24	5.4 Medium
Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15.
CVE-2026-32517	2 Kleor, Wordpress	2 Contact Manager, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through <= 9.1.
CVE-2026-32492	2 Joe Dolson, Wordpress	2 My Tickets, Wordpress	2026-04-24	5.3 Medium
Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.
CVE-2026-32498	2 Metagauss, Wordpress	2 Registrationmagic, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
CVE-2026-1986	2 Bakkbone, Wordpress	2 Floristpress For Woo – Customize Your Ecommerce Store For Your Florist, Wordpress	2026-04-24	6.1 Medium
The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied 'noresults' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2026-32509	2 Edge-themes, Wordpress	2 Gracey, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4.
CVE-2026-27084	2 Themerex, Wordpress	2 Buisson, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11.
CVE-2026-32506	2 Edge-themes, Wordpress	2 Archicon, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.
CVE-2026-32541	2 Premmerce, Wordpress	2 Premmerce Redirect Manager, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.
CVE-2026-27081	2 Mikado-themes, Wordpress	2 Rosebud, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4.
CVE-2026-32523	2 Denishua, Wordpress	2 Wpjam Basic, Wordpress	2026-04-24	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.

« first previous Page 100 of 17336. next last »