Filtered by vendor Wordpress
Subscriptions
Total
10428 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24616 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 6.5 Medium |
| Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3. | ||||
| CVE-2026-24614 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.8. | ||||
| CVE-2026-24612 | 2 Themebeez, Wordpress | 2 Orchid Store, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15. | ||||
| CVE-2026-24608 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion.This issue affects Laurent Core: from n/a through <= 2.4.1. | ||||
| CVE-2026-24606 | 3 Web Impian, Woocommerce, Wordpress | 3 Bayarcash Woo Commerce, Woocommerce, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.11. | ||||
| CVE-2026-24605 | 2 Pencilwp, Wordpress | 2 X Addons For Elementor, Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23. | ||||
| CVE-2026-24604 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0. | ||||
| CVE-2026-24603 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8. | ||||
| CVE-2026-24600 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5. | ||||
| CVE-2026-24599 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-01-26 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | ||||
| CVE-2026-24598 | 2 Bestwebsoft, Wordpress | 2 Multilanguage, Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2. | ||||
| CVE-2026-24595 | 2 Wordpress, Zohocorp | 2 Wordpress, Zoho Crm Lead Magnet | 2026-01-26 | 5.4 Medium |
| Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5. | ||||
| CVE-2026-24591 | 2 Wordpress, Yasir129 | 2 Wordpress, Turn Yoast Seo Faq Block To Accordion | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6. | ||||
| CVE-2026-24589 | 2 Cargus Ecommerce, Wordpress | 2 Cargus, Wordpress | 2026-01-26 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8. | ||||
| CVE-2026-24585 | 3 Hyyan Abo Fakher, Woocommerce, Wordpress | 3 Hyyan Woocommerce Polylang Integration, Woocommerce, Wordpress | 2026-01-26 | 6.5 Medium |
| Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0. | ||||
| CVE-2026-24576 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0. | ||||
| CVE-2026-24572 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.1.0. | ||||
| CVE-2026-24561 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1. | ||||
| CVE-2026-24558 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1. | ||||
| CVE-2026-24633 | 2 Passionatebrains, Wordpress | 2 Add Expires Headers \& Optimized Minify, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through <= 3.1.0. | ||||