Search

Expected end of text, found '.' (at char 38), (line:1, col:39)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (343968 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39640 2 Mndpsingh287, Wordpress 2 Theme Editor, Wordpress 2026-04-08 N/A
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2.
CVE-2026-39660 2 Automattic, Wordpress 2 Wp Job Manager, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.1.
CVE-2026-39663 2 Themetechmount, Wordpress 2 Truebooker, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.
CVE-2026-39665 2 Vladimir Prelovac, Wordpress 2 Seo Friendly Images, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.
CVE-2026-39667 2 Jongmyoung Kim, Wordpress 2 Korea Sns, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0.
CVE-2026-39673 2 Shrikantkale, Wordpress 2 Izooto, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.
CVE-2026-39469 2 Softaculous, Wordpress 2 Pagelayer, Wordpress 2026-04-08 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through <= 2.0.8.
CVE-2026-39484 2 John Darrel, Wordpress 2 Hide My Wp Ghost, Wordpress 2026-04-08 N/A
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.
CVE-2026-39588 2 Nmerii, Wordpress 2 Nm Gift Registry And Wishlist Lite, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through <= 5.13.
CVE-2026-39606 2 Foysal Imran, Wordpress 2 Bizreview, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13.
CVE-2026-39626 2 Kutethemes, Wordpress 2 Armania, Wordpress 2026-04-08 N/A
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8.
CVE-2026-39669 2 Nitropack, Wordpress 2 Nitropack, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through <= 1.19.3.
CVE-2026-39643 2 Payment Plugins, Wordpress 2 Payment Plugins For Paypal Woocommerce, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13.
CVE-2026-39476 2 Syed Balkhi, Wordpress 2 User Feedback, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.
CVE-2026-39510 2 Wordpress, Wpchill 2 Wordpress, Image Photo Gallery Final Tiles Grid 2026-04-08 N/A
Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11.
CVE-2026-39516 2 Posimyth, Wordpress 2 Nexter Blocks, Wordpress 2026-04-08 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
CVE-2026-39520 2 Wedevs, Wordpress 2 Wedocs, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.
CVE-2026-39608 2 Ipospays, Wordpress 2 Ipospays Gateways Wc, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7.
CVE-2026-39622 2 Acmethemes, Wordpress 2 Education Base, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.
CVE-2026-39630 2 Getty Images, Wordpress 2 Getty Images, Wordpress 2026-04-08 N/A
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.