Search

Expected end of text, found '.' (at char 40), (line:1, col:41)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347031 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-35910 1 Quasar-form 1 Quasar Form 2026-04-28 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.
CVE-2023-35911 1 Creative-solutions 1 Contact Form Generator 2026-04-28 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0.
CVE-2023-35883 1 Magazine3 1 Core Web Vitals \& Pagespeed Booster 2026-04-28 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.
CVE-2023-35876 1 Automattic 1 Woocommerce Square 2026-04-28 8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1.
CVE-2023-35879 1 Woo 1 Product Vendors 2026-04-28 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.
CVE-2023-35909 1 Ninjaforms 1 Ninja Forms 2026-04-28 5.3 Medium
Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.
CVE-2023-35877 1 Vadimk 1 Extra User Details 2026-04-28 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.
CVE-2023-35875 2 Jegstudio, Wordpress 2 Gutenverse, Wordpress 2026-04-28 5.3 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.
CVE-2023-35777 2026-04-28 5.3 Medium
Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2.
CVE-2023-35091 1 Storeapps 1 Stock Manager For Woocommerce 2026-04-28 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.
CVE-2023-35096 1 Wpexperts 1 Mycred 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
CVE-2023-35052 2026-04-28 4.3 Medium
Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4.
CVE-2023-35051 1 Cimatti 1 Wordpress Contact Forms 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7.
CVE-2023-35046 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5.
CVE-2023-35050 2 Elementor, Wordpress 2 Elementor Pro, Wordpress 2026-04-28 5.4 Medium
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.
CVE-2023-35040 1 Pressified 1 Sendpress 2026-04-28 5.3 Medium
Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6.
CVE-2023-34382 1 Dokan 1 Dokan 2026-04-28 4.4 Medium
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19.
CVE-2023-35039 1 Bedevious 1 Password Reset With Code For Wordpress Rest Api 2026-04-28 9.8 Critical
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
CVE-2023-34386 1 Wpclever 1 Wpc Smart Wishlist For Woocommerce 2026-04-28 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.
CVE-2023-34383 1 Wedevs 1 Wp Project Manager 2026-04-28 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.