Search

Expected end of text, found '.' (at char 12), (line:1, col:13)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346208 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-23978 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1.
CVE-2026-23977 2 Wordpress, Wpfactory 2 Wordpress, Helpdesk Support Ticket System For Woocommerce 2026-04-23 7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-23976 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.
CVE-2026-23975 2 Uxper, Wordpress 2 Golo, Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-23974 2 Uxper, Wordpress 2 Golo, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
CVE-2026-23972 2 Magepeople, Wordpress 2 Booking & Rental Manager, Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.0.
CVE-2026-23799 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.
CVE-2026-23550 2 Modular, Wordpress 2 Modular, Wordpress 2026-04-23 10 Critical
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.
CVE-2026-23548 2 Designinvento, Wordpress 2 Directorypress, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.25.
CVE-2026-23543 2 Wordpress, Wpdeveloper 2 Wordpress, Essential Addons For Elementor 2026-04-23 5.3 Medium
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5.
CVE-2026-23541 2 Getwpfunnels, Wordpress 2 Mail Mint, Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.
CVE-2026-22522 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through <= 2.2.3.
CVE-2026-22521 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework handmade-framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through <= 3.9.
CVE-2026-22519 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through <= 1.6.2.
CVE-2026-22518 2 Pencilwp, Wordpress 2 X Addons For Elementor, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.
CVE-2026-22517 2 Passionate Brains, Wordpress 2 Ga4wp, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.
CVE-2026-22492 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.
CVE-2026-22490 2 Niklaslindemann, Wordpress 2 Bulk Landing Page Creator For Wordpress Lpagery, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9.
CVE-2026-22489 2 Wordpress, Wptexture 2 Wordpress, Image Slider Slideshow 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through <= 1.8.
CVE-2026-22488 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder dashboard-welcome-for-beaver-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through <= 1.0.8.