Export limit exceeded: 45980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4483 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. | ||||
| CVE-2026-25419 | 2 Flycart, Wordpress | 2 Upsellwp, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5. | ||||
| CVE-2026-25420 | 2 Mailerlite, Wordpress | 2 Mailerlite, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18. | ||||
| CVE-2026-25423 | 2 Creativeinteractivemedia, Wordpress | 2 Real3d Flipbook, Wordpress | 2026-04-16 | 3.8 Low |
| Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1. | ||||
| CVE-2026-25459 | 2 Uixthemes, Wordpress | 2 Sober, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12. | ||||
| CVE-2026-27042 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Notificationx | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1. | ||||
| CVE-2026-27092 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.3.0. | ||||
| CVE-2026-27328 | 2 Devsblink, Wordpress | 2 Edublink, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7. | ||||
| CVE-2026-24946 | 2 Tychesoftwares, Wordpress | 2 Print Invoice & Delivery Notes For Woocommerce, Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0. | ||||
| CVE-2026-0548 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-15 | 5.4 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the `delete_existing_user_photo` function in all versions up to, and including, 3.9.4. This makes it possible for authenticated attackers, with subscriber level access and above, to delete arbitrary attachments on the site. | ||||
| CVE-2026-0593 | 2 Wordpress, Wpgmaps | 2 Wordpress, Wp Go Maps | 2026-04-15 | 5.3 Medium |
| The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings. | ||||
| CVE-2026-1298 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the `image_replacement_from_url` function that is hooked to the `eri_from_url` AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to replace arbitrary image attachments on the site with images from external URLs, potentially enabling site defacement, phishing attacks, or content manipulation. | ||||
| CVE-2026-0572 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plugin settings. | ||||
| CVE-2026-1748 | 2 Kirilkirkov, Wordpress | 2 Invoct – Pdf Invoices & Billing For Woocommerce, Wordpress | 2026-04-15 | 4.3 Medium |
| The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve invoice clients, invoice items, and list of WordPress users along with their emails. | ||||
| CVE-2026-20626 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-15 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges. | ||||
| CVE-2026-1671 | 2 Switcorp, Wordpress | 2 Activity Log For Wordpress, Wordpress | 2026-04-15 | 6.5 Medium |
| The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view potentially sensitive information (e.g., the password of a higher level user, such as an administrator) contained in the exposed log files. | ||||
| CVE-2026-0727 | 2 Essentialplugin, Wordpress | 2 Accordion And Accordion Slider, Wordpress | 2026-04-15 | 5.4 Medium |
| The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wp_aas_save_attachment_data' and 'wp_aas_get_attachment_edit_form' functions. This makes it possible for authenticated attackers, with contributor level access and above, to read and modify attachment metadata including file paths, titles, captions, alt text, and custom links for any attachment on the site. | ||||
| CVE-2026-2022 | 2 Edgarrojas, Wordpress | 2 Smart Forms – When You Need More Than Just A Contact Form, Wordpress | 2026-04-15 | 4.3 Medium |
| The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednao_smart_forms_get_campaigns' AJAX action in all versions up to, and including, 2.6.99. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve donation campaign data including campaign IDs and names. | ||||
| CVE-2026-1254 | 2 Wordpress, Wpchill | 2 Wordpress, Modula Image Gallery – Photo Grid & Video Gallery | 2026-04-15 | 4.3 Medium |
| The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating them via the REST API. This makes it possible for authenticated attackers, with contributor level access and above, to update the title, excerpt, and content of arbitrary posts by passing post IDs in the modulaImages field when editing a gallery. | ||||
| CVE-2026-2312 | 2 Maxfoundry, Wordpress | 2 Media Library Folders, Wordpress | 2026-04-15 | 4.3 Medium |
| The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the delete_maxgalleria_media() and maxgalleria_rename_image() functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to delete or rename attachments owned by other users (including administrators). The rename flow also deletes all postmeta for the target attachment, causing data loss. | ||||