Search

Expected end of text, found '.' (at char 16), (line:1, col:17)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (343523 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39504 2 Instawp, Wordpress 2 Instawp Connect, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.
CVE-2026-39526 2 Wordpress, Wpstream 2 Wordpress, Wpstream 2026-04-08 N/A
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.
CVE-2026-39543 2 Themefic, Wordpress 2 Tourfic, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.
CVE-2026-39562 2 Boldgrid, Wordpress 2 Client Invoicing By Sprout Invoices, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.
CVE-2026-39585 2 Arraytics, Wordpress 2 Booktics, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.
CVE-2026-39605 2 Obadiah, Wordpress 2 Super Custom Login, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.
CVE-2026-39607 2 Wordpress, Wpbens 2 Wordpress, Filter Plus 2026-04-08 N/A
Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17.
CVE-2026-39615 2 Shahjada, Wordpress 2 Download Manager, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.
CVE-2026-39633 2 Themegoods, Wordpress 2 Grand Car Rental, Wordpress 2026-04-08 N/A
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.
CVE-2026-39644 2 Roxnor, Wordpress 2 Wp Ultimate Review, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8.
CVE-2026-39649 2 Themebeez, Wordpress 2 Royale News, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4.
CVE-2026-39671 2 Dotstore, Wordpress 2 Extra Fees Plugin For Woocommerce, Wordpress 2026-04-08 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3.
CVE-2026-32283 1 Go Standard Library 1 Crypto Tls 2026-04-08 N/A
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
CVE-2026-39693 2 Fesomia, Wordpress 2 Fsm Custom Featured Image Caption, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.
CVE-2026-39701 2 Andrew, Wordpress 2 Shopwp, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.
CVE-2026-39699 2 Massiveshift, Wordpress 2 Ai Workflow Automation, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Workflow Automation: from n/a through <= 1.4.2.
CVE-2026-39689 2 Eshipper, Wordpress 2 Eshipper Commerce, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
CVE-2026-39687 2 Rapid Car Check, Wordpress 2 Rapid Car Check Vehicle Data, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.
CVE-2026-39686 2 Bannersky, Wordpress 2 Bsk Pdf Manager, Wordpress 2026-04-08 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
CVE-2026-39684 2 Untheme, Wordpress 2 Organicfood, Wordpress 2026-04-08 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affects OrganicFood: from n/a through <= 3.6.4.