Export limit exceeded: 12401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12401 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6395 | 2 Winking, Wordpress | 2 Word 2 Cash, Wordpress | 2026-05-20 | 6.1 Medium |
| The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2c_admin() function, combined with missing input sanitization before storage and missing output escaping when rendering the stored value. The w2c-definitions POST parameter is saved raw via update_option() and later echoed without escaping inside a <textarea> element. This makes it possible for unauthenticated attackers to forge a request on behalf of a logged-in administrator, storing arbitrary JavaScript payloads that execute in the WordPress admin panel whenever the settings page is visited. | ||||
| CVE-2026-2955 | 2 Wordpress, Wupsales | 2 Wordpress, Ai Chatbot & Workflow Automation By Aiwu | 2026-05-20 | 6.4 Medium |
| The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Practical exploitation is constrained due to a 20-character storage limit. | ||||
| CVE-2026-45442 | 2 Brainstorm Force, Wordpress | 2 Presto Player, Wordpress | 2026-05-20 | 4.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3. | ||||
| CVE-2026-47100 | 2 Funnelkit, Wordpress | 2 Funnel Builder For Woocommerce Checkout, Wordpress | 2026-05-20 | 7.5 High |
| Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject malicious JavaScript through the External Scripts setting that executes in the browsers of all checkout page visitors. | ||||
| CVE-2026-8096 | 2 Themeum, Wordpress | 2 Kirki – Freeform Page Builder, Website Builder & Customizer, Wordpress | 2026-05-20 | 6.5 Medium |
| The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to view all Kirki frontend forms and read stored visitor form submission data, including contact details, messages, and any other visitor-provided information submitted through site forms. | ||||
| CVE-2026-8073 | 2 Themeum, Wordpress | 2 Kirki – Freeform Page Builder, Website Builder & Customizer, Wordpress | 2026-05-20 | 7.5 High |
| The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for unauthenticated attackers to read and delete arbitrary files limited in the WordPress uploads base directory. | ||||
| CVE-2026-4885 | 2 Piotnet, Wordpress | 2 Piotnet Addons For Elementor, Wordpress | 2026-05-20 | 9.8 Critical |
| The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit can only be exploited if a file field is added to the form. | ||||
| CVE-2025-68065 | 2 Liquidthemes, Wordpress | 2 Hub, Wordpress | 2026-05-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core allows PHP Local File Inclusion. This issue affects Hub Core: from n/a before 6.0.2. | ||||
| CVE-2026-7467 | 2 Edmonsoft, Wordpress | 2 Read More & Accordion, Wordpress | 2026-05-20 | 8.8 High |
| The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site. | ||||
| CVE-2025-15609 | 2 Fortispay, Wordpress | 2 Fortis For Woocommerce, Wordpress | 2026-05-19 | 7.5 High |
| The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc. | ||||
| CVE-2026-39467 | 2 Metaslider, Wordpress | 2 Responsive Slider By Metaslider, Wordpress | 2026-05-19 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0. | ||||
| CVE-2026-8912 | 2 Contest-gallery, Wordpress | 2 Contest Gallery – Upload & Vote Photos, Media, Sell With Paypal & Stripe, Wordpress | 2026-05-19 | 7.5 High |
| The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticated 'post_cg_gallery_form_upload' AJAX action (specifically the 'cb' branch of the included users-upload-check.php, where $f_input_id is concatenated unquoted into 'SELECT Field_Content FROM ... WHERE id = $f_input_id'). The endpoint is gated only by a public frontend nonce ('cg1l_action' / 'cg_nonce') that is exposed in the page source of any public gallery page. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-4883 | 2 Piotnet, Wordpress | 2 Piotnet Forms, Wordpress | 2026-05-19 | 9.8 Critical |
| The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, and exe extensions, while allowing dangerous extensions such as .phar or .phtml to be uploaded. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit can only be exploited if a file field is added to the form. | ||||
| CVE-2018-25324 | 2 Simple Fields Project, Wordpress | 2 Simple Fields, Wordpress | 2026-05-18 | 6.2 Medium |
| Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to simple_fields.php to include files like /etc/passwd or inject PHP code into Apache logs for remote code execution when allow_url_include is enabled. | ||||
| CVE-2021-47975 | 2 Wordpress, Wplearnmanager | 2 Wordpress, Wp Learn Manager | 2026-05-18 | 7.2 High |
| WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface. | ||||
| CVE-2020-37243 | 3 Supsystic, Wordpress, Wpdarko | 3 Price Table, Wordpress, Responsive Pricing Table | 2026-05-18 | 8.2 High |
| Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables. | ||||
| CVE-2021-47977 | 2 Gotmls, Wordpress | 2 Malware Security And Bruteforce Firewall, Wordpress | 2026-05-18 | 7.5 High |
| WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via admin-ajax.php with path traversal sequences to access sensitive system files outside the intended directory. | ||||
| CVE-2020-37227 | 2 Heliossolutions, Wordpress | 2 Hs Brand Logo Slider, Wordpress | 2026-05-18 | 8.8 High |
| HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution. | ||||
| CVE-2020-37233 | 2 Boonebgorges, Wordpress | 3 Buddypress Docs, Buddypress Cover, Wordpress | 2026-05-18 | 6.4 Medium |
| WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like onload that execute when administrators or privileged users preview or view the affected page content, enabling session hijacking and persistent phishing attacks. | ||||
| CVE-2020-37245 | 2 Supsystic, Wordpress | 2 Digital Publications By Supsystic, Wordpress | 2026-05-18 | 7.5 High |
| Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing stored cross-site scripting attacks through script injection in parameters like Area Width and Publication Width that execute when publications are viewed or edited. | ||||