Search

Expected end of text, found ':' (at char 26), (line:1, col:27)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (329521 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22472 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.
CVE-2026-24374 2 Metagauss, Wordpress 2 Registrationmagic, Wordpress 2026-01-23 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.
CVE-2026-24388 1 Wordpress 1 Wordpress 2026-01-23 4.3 Medium
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0.
CVE-2026-22483 1 Wordpress 1 Wordpress 2026-01-23 N/A
Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.
CVE-2026-24365 2 Storeapps, Wordpress 2 Stock Manager For Woocommerce, Wordpress 2026-01-23 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.
CVE-2026-24360 2 Craig Hewitt, Wordpress 2 Seriously Simple Podcasting, Wordpress 2026-01-23 4.6 Medium
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.
CVE-2026-24389 2 Wordpress, Wpchill 2 Wordpress, Gallery Photoblocks 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.
CVE-2026-22360 1 Wordpress 1 Wordpress 2026-01-23 N/A
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through <= 1.4.
CVE-2025-69300 2 Leap13, Wordpress 2 Premium Addons For Elementor, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.
CVE-2026-22430 2 Mikado-themes, Wordpress 2 Verdure, Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6.
CVE-2025-69190 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.
CVE-2026-22462 1 Wordpress 1 Wordpress 2026-01-23 N/A
Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5.
CVE-2025-69292 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2026-01-23 N/A
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2026-24377 2 Posimyth, Wordpress 2 Nexter Blocks, Wordpress 2026-01-23 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3.
CVE-2026-22426 1 Wordpress 1 Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2025-69321 2 Themegoods, Wordpress 2 Grand Spa, Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through <= 3.5.5.
CVE-2026-24380 2 Metagauss, Wordpress 2 Eventprime, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.
CVE-2026-22464 2 Wordpress, Wphocus 2 Wordpress, My Auctions Allegro 2026-01-23 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33.
CVE-2026-24390 3 Elementor, Qantumthemes, Wordpress 3 Elementor, Kentha Elementor Widgets, Wordpress 2026-01-23 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.
CVE-2025-69184 2 E-plugins, Wordpress 2 Institutions Directory, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.