Export limit exceeded: 45980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38478 | 1 Crmperks | 1 Integration For Woocommerce And Quickbooks | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | ||||
| CVE-2023-37982 | 1 Crmperks | 1 Integration For Salesforce And Contact Form 7\, Wpforms\, Elementor\, Ninja Forms | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | ||||
| CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2026-04-28 | 8.2 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | ||||
| CVE-2023-36520 | 1 Zackgrossbart | 1 Editorial Calendar | 2026-04-28 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | ||||
| CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2026-04-28 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | ||||
| CVE-2023-35914 | 1 Automattic | 1 Woocommerce Subscriptions | 2026-04-28 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. | ||||
| CVE-2023-35883 | 1 Magazine3 | 1 Core Web Vitals \& Pagespeed Booster | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. | ||||
| CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2026-04-28 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | ||||
| CVE-2023-34020 | 1 Uncannyowl | 1 Uncanny Toolkit For Learndash | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. | ||||
| CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2026-04-28 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | ||||
| CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2026-04-28 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. | ||||
| CVE-2023-32517 | 1 Ibericode | 1 Mailchimp | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | ||||
| CVE-2023-32101 | 1 Pexlechris | 1 Library Viewer | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6. | ||||
| CVE-2023-31229 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9. | ||||
| CVE-2023-31095 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2026-04-28 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | ||||
| CVE-2023-28786 | 1 Solidwp | 1 Solid Security | 2026-04-28 | 3.7 Low |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | ||||
| CVE-2023-23679 | 1 Jshelpdesk | 1 Jshelpdesk | 2026-04-28 | 4.6 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7. | ||||
| CVE-2022-43450 | 1 Xwp | 1 Stream | 2026-04-28 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | ||||
| CVE-2026-27601 | 2 Jashkenas, Underscorejs | 2 Underscore, Underscore | 2026-04-28 | 5.9 Medium |
| Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow. Untrusted input must be used to create a recursive datastructure, for example using JSON.parse, with no enforced depth limit. The datastructure thus created must be passed to _.flatten or _.isEqual. In the case of _.flatten, the vulnerability can only be exploited if it is possible for a remote client to prepare a datastructure that consists of arrays at all levels AND if no finite depth limit is passed as the second argument to _.flatten. In the case of _.isEqual, the vulnerability can only be exploited if there exists a code path in which two distinct datastructures that were submitted by the same remote client are compared using _.isEqual. For example, if a client submits data that are stored in a database, and the same client can later submit another datastructure that is then compared to the data that were saved in the database previously, OR if a client submits a single request, but its data are parsed twice, creating two non-identical but equivalent datastructures that are then compared. Exceptions originating from the call to _.flatten or _.isEqual, as a result of a stack overflow, are not being caught. This vulnerability is fixed in 1.13.8. | ||||
| CVE-2026-41369 | 1 Openclaw | 1 Openclaw | 2026-04-28 | 6.5 Medium |
| OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurations and compromise host execution integrity. | ||||