Search

Expected end of text, found '.' (at char 59), (line:1, col:60)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (343533 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39628 2 Kutethemes, Wordpress 2 Dukamarket, Wordpress 2026-04-08 N/A
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <= 1.3.0.
CVE-2026-39630 2 Getty Images, Wordpress 2 Getty Images, Wordpress 2026-04-08 N/A
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.
CVE-2026-39648 2 Themebeez, Wordpress 2 Cream Blog, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
CVE-2026-39659 2 Ultimatemember, Wordpress 2 Ultimate Member, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through <= 2.11.3.
CVE-2026-39662 2 Prowcplugins, Wordpress 2 Product Price By Formula For Woocommerce, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6.
CVE-2026-39664 2 Leadrebel, Wordpress 2 Leadrebel, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.
CVE-2026-39665 2 Vladimir Prelovac, Wordpress 2 Seo Friendly Images, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.
CVE-2026-39673 2 Shrikantkale, Wordpress 2 Izooto, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.
CVE-2026-39675 2 Webmuehle, Wordpress 2 Court Reservation, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
CVE-2026-39479 2 Brainstorm Force, Wordpress 2 Ottokit, Wordpress 2026-04-08 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through <= 1.1.20.
CVE-2026-39500 2 Themesflat, Wordpress 2 Themesflat Addons For Elementor, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.3.2.
CVE-2026-39504 2 Instawp, Wordpress 2 Instawp Connect, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.
CVE-2026-39526 2 Wordpress, Wpstream 2 Wordpress, Wpstream 2026-04-08 N/A
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.
CVE-2026-39543 2 Themefic, Wordpress 2 Tourfic, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.
CVE-2026-39562 2 Boldgrid, Wordpress 2 Client Invoicing By Sprout Invoices, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.
CVE-2026-39585 2 Arraytics, Wordpress 2 Booktics, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.
CVE-2026-39605 2 Obadiah, Wordpress 2 Super Custom Login, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.
CVE-2026-39607 2 Wordpress, Wpbens 2 Wordpress, Filter Plus 2026-04-08 N/A
Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17.
CVE-2026-39615 2 Shahjada, Wordpress 2 Download Manager, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.
CVE-2026-39633 2 Themegoods, Wordpress 2 Grand Car Rental, Wordpress 2026-04-08 N/A
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.