Search
Search Results (338058 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25441 | 2 Leadconnector, Wordpress | 2 Leadconnector, Wordpress | 2026-02-20 | 5.3 Medium |
| Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21. | ||||
| CVE-2026-25459 | 2 Uixthemes, Wordpress | 2 Sober, Wordpress | 2026-02-20 | 4.3 Medium |
| Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12. | ||||
| CVE-2026-25463 | 2 Wordpress, Wpestate | 2 Wordpress, Wpresidence Core | 2026-02-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: from n/a through <= 5.4.0. | ||||
| CVE-2026-25473 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-02-20 | 5.4 Medium |
| Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31. | ||||
| CVE-2026-27042 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Notificationx | 2026-02-20 | 5.3 Medium |
| Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1. | ||||
| CVE-2026-27050 | 2 Thimpress, Wordpress | 2 Realpress, Wordpress | 2026-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0. | ||||
| CVE-2026-27052 | 2 Villatheme, Wordpress | 2 Sales Countdown Timer For Woocommerce And Wordpress, Wordpress | 2026-02-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through <= 1.1.8.1. | ||||
| CVE-2026-27066 | 2 Pi Web Solution, Wordpress | 2 Live Sales Notification For Woocommerce, Wordpress | 2026-02-20 | 5.3 Medium |
| Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46. | ||||
| CVE-2026-27090 | 2 Wordpress, Wp Moose | 2 Wordpress, Kenta Companion | 2026-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through <= 1.3.3. | ||||
| CVE-2026-27092 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-02-20 | 6.5 Medium |
| Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.2.11. | ||||
| CVE-2026-25527 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-02-20 | 5.3 Medium |
| changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base directory up to `/app/changedetectionio`, enabling unauthenticated local file read of application source files (e.g., `flask_app.py`). Version 0.53.2 fixes the issue. | ||||
| CVE-2025-71247 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71248 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71249 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-71250 | 1 Spip | 1 Spip | 2026-02-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-27325 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27324 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27323 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27322 | 2026-02-20 | N/A | ||
| Not used | ||||
| CVE-2026-27321 | 2026-02-20 | N/A | ||
| Not used | ||||