Search

Expected end of text, found '–' (at char 42), (line:1, col:43)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344999 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-23541 2 Getwpfunnels, Wordpress 2 Mail Mint, Wordpress 2026-04-16 N/A
Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.
CVE-2026-23545 2 Arubadev, Wordpress 2 Aruba Hispeed Cache, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.
CVE-2026-23547 2 Cmsmasters, Wordpress 2 Cmsmasters Content Composer, Wordpress 2026-04-16 7.1 High
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
CVE-2026-23549 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-04-16 9.8 Critical
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
CVE-2026-23804 2 Bbr Plugins, Wordpress 2 Better Business Reviews, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
CVE-2026-23805 2 Wordpress, Yoren Chang 2 Wordpress, Media Search Enhanced 2026-04-16 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.
CVE-2026-25006 2 8theme, Wordpress 2 Xstore, Wordpress 2026-04-16 5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through <= 9.6.4.
CVE-2026-25008 2 Shahjahan Jewel, Wordpress 2 Ninja Tables, Wordpress 2026-04-16 4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
CVE-2026-25316 2 Brainstormforce, Wordpress 2 Cartflows, Wordpress 2026-04-16 7.2 High
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.
CVE-2026-25318 2 Wisernotify Team, Wordpress 2 Wiserreview Product Reviews For Woocommerce, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
CVE-2026-25319 2 Wordpress, Wpzita 2 Wordpress, Zita Elementor Site Library 2026-04-16 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a through <= 1.6.6.
CVE-2026-25321 2 Psm Plugins, Wordpress 2 Supportcandy, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
CVE-2026-25324 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-04-16 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
CVE-2026-25337 2 Wordpress, Wpcoachify 2 Wordpress, Coachify 2026-04-16 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.
CVE-2026-25370 2 Aresit, Wordpress 2 Wp Compress, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28.
CVE-2026-25378 2 Neliosoftware, Wordpress 2 Nelio Ab Testing, Wordpress 2026-04-16 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.
CVE-2026-25385 2 Kaizencoders, Wordpress 2 Url Shortify, Wordpress 2026-04-16 5.5 Medium
Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3.
CVE-2026-25386 2 Elementor, Wordpress 2 Ally, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.
CVE-2026-25388 2 Scripteo, Wordpress 2 Ads Pro, Wordpress 2026-04-16 5.4 Medium
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
CVE-2026-25395 2 Ikreatethemes, Wordpress 2 Business Roy, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4.