Search

Expected end of text, found ',' (at char 15), (line:1, col:16)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (343486 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-39671 2 Dotstore, Wordpress 2 Extra Fees Plugin For Woocommerce, Wordpress 2026-04-08 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3.
CVE-2026-39673 2 Shrikantkale, Wordpress 2 Izooto, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.
CVE-2026-39466 2026-04-08 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7.
CVE-2026-39473 2 Pär Thernström, Wordpress 2 Simple History, Wordpress 2026-04-08 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0.
CVE-2026-39482 2 Publishpress, Wordpress 2 Post Expirator, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator: from n/a through <= 4.9.4.
CVE-2026-39483 2 Hidekazu Ishikawa, Wordpress 2 Vk All In One Expansion Unit, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3.
CVE-2026-39485 2 Embedplus, Wordpress 2 Youtube Embed Plus, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through <= 14.2.4.
CVE-2026-39488 2 Surecart, Wordpress 2 Surecart, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.
CVE-2026-39497 2026-04-08 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through <= 1.4.5.
CVE-2026-39516 2 Posimyth, Wordpress 2 Nexter Blocks, Wordpress 2026-04-08 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
CVE-2026-39526 2 Wordpress, Wpstream 2 Wordpress, Wpstream 2026-04-08 N/A
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.
CVE-2026-39586 2 Ateeq Rafeeq, Wordpress 2 Repairbuddy, Wordpress 2026-04-08 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132.
CVE-2026-39604 2 Wordpress, Zookatron 2 Wordpress, Mybooktable Bookstore 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
CVE-2026-39605 2 Obadiah, Wordpress 2 Super Custom Login, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.
CVE-2026-39609 2 Wava.co, Wordpress 2 Wava Payment, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.3.7.
CVE-2026-39616 2 Dfactory, Wordpress 2 Download Attachments, Wordpress 2026-04-08 N/A
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0.
CVE-2026-39631 2 Ronik@unlimitedwp, Wordpress 2 Wpschoolpress, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.
CVE-2026-39638 2 Themeum, Wordpress 2 Qubely, Wordpress 2026-04-08 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14.
CVE-2026-39650 2 Unitech Web, Wordpress 2 Unitechpay, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2.
CVE-2026-39659 2 Ultimatemember, Wordpress 2 Ultimate Member, Wordpress 2026-04-08 N/A
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through <= 2.11.3.