Punnel – Landing Page Builder CVEs and Security Vulnerabilities

Search

Expected end of text, found '–' (at char 33), (line:1, col:34)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344909 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24604	1 Wordpress	1 Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.
CVE-2026-24606	3 Web Impian, Woocommerce, Wordpress	3 Bayarcash Woo Commerce, Woocommerce, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13.
CVE-2026-24607	1 Wordpress	1 Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.
CVE-2026-24609	1 Wordpress	1 Wordpress	2026-04-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-24612	2 Themebeez, Wordpress	2 Orchid Store, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
CVE-2026-24613	2 Lightspeedhq, Wordpress	2 Ecwid Ecommerce Shopping Cart, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6.
CVE-2026-24614	1 Wordpress	1 Wordpress	2026-04-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.10.
CVE-2026-24615	1 Wordpress	1 Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10.
CVE-2024-3727	1 Redhat	18 Acm, Advanced Cluster Security, Ansible Automation Platform and 15 more	2026-04-16	8.3 High
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CVE-2026-35615	2 Mervinpraison, Praison	2 Praisonai, Praisonai	2026-04-16	7.5 High
PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collapsed, the check always passes. This makes the check completely useless and allows trivial path traversal to any file on the system. This vulnerability is fixed in 1.5.113.
CVE-2026-24616	1 Wordpress	1 Wordpress	2026-04-16	6.5 Medium
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.5.
CVE-2026-24624	1 Wordpress	1 Wordpress	2026-04-16	7.2 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a through <= 1.0.
CVE-2026-24627	2 Trusona, Wordpress	2 Trusona For Wordpress, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through <= 2.0.0.
CVE-2026-24630	2 Design, Wordpress	2 Stylish Cost Calculator, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.2.5.
CVE-2026-24632	1 Wordpress	1 Wordpress	2026-04-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through <= 1.0.0.
CVE-2026-24634	2 Rustaurius, Wordpress	2 Ultimate Reviews, Wordpress	2026-04-16	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16.
CVE-2026-1189	2 Leadbi, Wordpress	2 Leadbi Plugin, Wordpress	2026-04-16	6.4 Medium
The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_id' parameter of the 'leadbi_form' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-1191	1 Wordpress	1 Wordpress	2026-04-16	4.4 Medium
The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the `wp_footer` action. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-1399	1 Wordpress	1 Wordpress	2026-04-16	4.4 Medium
The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2026-1431	2 Wordpress, Wpdevelop	2 Wordpress, Booking Calendar	2026-04-16	5.3 Medium
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information including customer names, phones and emails.

« first previous Page 16 of 17246. next last »