Search

Expected end of text, found '.' (at char 18), (line:1, col:19)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (343972 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39604 2 Wordpress, Zookatron 2 Wordpress, Mybooktable Bookstore 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
CVE-2026-39608 2 Ipospays, Wordpress 2 Ipospays Gateways Wc, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7.
CVE-2026-39610 2 Pankaj Kumar, Wordpress 2 Wpxmas-snow, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.
CVE-2026-39622 2 Acmethemes, Wordpress 2 Education Base, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.
CVE-2026-39628 2 Kutethemes, Wordpress 2 Dukamarket, Wordpress 2026-04-08 N/A
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <= 1.3.0.
CVE-2026-39630 2 Getty Images, Wordpress 2 Getty Images, Wordpress 2026-04-08 N/A
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.
CVE-2026-39665 2 Vladimir Prelovac, Wordpress 2 Seo Friendly Images, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.
CVE-2026-39673 2 Shrikantkale, Wordpress 2 Izooto, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.
CVE-2026-39675 2 Webmuehle, Wordpress 2 Court Reservation, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from n/a through <= 1.10.11.
CVE-2026-39479 2 Brainstorm Force, Wordpress 2 Ottokit, Wordpress 2026-04-08 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through <= 1.1.20.
CVE-2026-39500 2 Themesflat, Wordpress 2 Themesflat Addons For Elementor, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.3.2.
CVE-2026-39504 2 Instawp, Wordpress 2 Instawp Connect, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.
CVE-2026-39526 2 Wordpress, Wpstream 2 Wordpress, Wpstream 2026-04-08 N/A
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.
CVE-2026-39562 2 Boldgrid, Wordpress 2 Client Invoicing By Sprout Invoices, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.
CVE-2026-39585 2 Arraytics, Wordpress 2 Booktics, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.
CVE-2026-39693 2 Fesomia, Wordpress 2 Fsm Custom Featured Image Caption, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.
CVE-2026-39701 2 Andrew, Wordpress 2 Shopwp, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.
CVE-2026-39699 2 Massiveshift, Wordpress 2 Ai Workflow Automation, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Workflow Automation: from n/a through <= 1.4.2.
CVE-2026-39689 2 Eshipper, Wordpress 2 Eshipper Commerce, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
CVE-2026-39687 2 Rapid Car Check, Wordpress 2 Rapid Car Check Vehicle Data, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.