Sphere.xlentprojects CVEs and Security Vulnerabilities

Search

Expected end of text, found '.' (at char 13), (line:1, col:14)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (335258 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-0912	2 Toret, Wordpress	2 Toret Manager, Wordpress	2026-02-20	8.8 High
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2026-2731	1 Dynamicweb	1 Dynamicweb	2026-02-20	N/A
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests
CVE-2026-27056	2 Stellarwp, Wordpress	2 Ithemes Sync, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
CVE-2026-23542	2 Themegoods, Wordpress	2 Grand Restaurant, Wordpress	2026-02-20	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10.
CVE-2026-23544	2 Codetipi, Wordpress	2 Valenti, Wordpress	2026-02-20	8.8 High
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.
CVE-2026-23549	2 Magepeopleteam, Wordpress	2 Wpevently, Wordpress	2026-02-20	9.8 Critical
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
CVE-2026-23804	2 Bbr Plugins, Wordpress	2 Better Business Reviews, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
CVE-2026-24375	2 Wordpress, Wpswings	2 Wordpress, Ultimate Gift Cards For Woocommerce	2026-02-20	5.3 Medium
Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4.
CVE-2026-24392	2 Nabil Lemsieh, Wordpress	2 Hurrytimer, Wordpress	2026-02-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through <= 2.14.2.
CVE-2026-24999	2 Almapay, Wordpress	2 Alma, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through <= 5.16.1.
CVE-2026-25000	2 Kraftplugins, Wordpress	2 Wheel Of Life, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.2.0.
CVE-2026-25003	2 Madalin.ungureanu, Wordpress	2 Client Portal, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1.
CVE-2026-25004	2 Creativemindssolutions, Wordpress	2 Cm Business Directory, Wordpress	2026-02-20	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through <= 1.5.3.
CVE-2026-25308	2 Wordpress, Wp.insider	2 Wordpress, Simple Membership	2026-02-20	4.3 Medium
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.
CVE-2026-25310	2 Alobaidi, Wordpress	2 Extend Link, Wordpress	2026-02-20	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0.
CVE-2026-25311	2 10up, Wordpress	2 Autoshare For Twitter, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.
CVE-2026-25314	2 Wordpress, Wp Messiah	2 Wordpress, Top Table Of Contents	2026-02-20	4.3 Medium
Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.
CVE-2026-25318	2 Wisernotify Team, Wordpress	2 Wiserreview Product Reviews For Woocommerce, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
CVE-2026-25319	2 Wordpress, Wpzita	2 Wordpress, Zita Elementor Site Library	2026-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a through <= 1.6.6.
CVE-2026-25320	2 Cool Plugins, Wordpress	2 Elementor Contact Form Db, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.

« first previous Page 397 of 16763. next last »