Vulnerabilites CVE

Base de donnees CVE enrichie avec CISA KEV et NVD

Total: 6,396 CVEs

CVE ID	CVSS	Severite	KEV	Publie
CVE-2026-39496 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a throug...	N/A	NONE	—	4/8/2026
CVE-2026-39500 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This ...	N/A	NONE	—	4/8/2026
CVE-2026-39504 Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a thro...	N/A	NONE	—	4/8/2026
CVE-2026-39506 Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a thr...	N/A	NONE	—	4/8/2026
CVE-2026-39509 Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.	N/A	NONE	—	4/8/2026
CVE-2026-39510 Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Se...	N/A	NONE	—	4/8/2026
CVE-2026-39516 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue a...	N/A	NONE	—	4/8/2026
CVE-2026-39520 Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.	N/A	NONE	—	4/8/2026
CVE-2026-39521 Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.	N/A	NONE	—	4/8/2026
CVE-2026-39526 Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n...	N/A	NONE	—	4/8/2026
CVE-2026-39535 Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display ...	N/A	NONE	—	4/8/2026
CVE-2026-39536 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and ...	N/A	NONE	—	4/8/2026
CVE-2026-39538 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issu...	N/A	NONE	—	4/8/2026
CVE-2026-39517 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a th...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39542 Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder fo...	N/A	NONE	—	4/8/2026
CVE-2026-39544 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affect...	N/A	NONE	—	4/8/2026
CVE-2026-39562 Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client In...	N/A	NONE	—	4/8/2026
CVE-2026-39564 Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo C...	N/A	NONE	—	4/8/2026
CVE-2026-39566 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects Direc...	N/A	NONE	—	4/8/2026
CVE-2026-39570 Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting L...	N/A	NONE	—	4/8/2026
CVE-2026-39571 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a ...	N/A	NONE	—	4/8/2026
CVE-2026-39541 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a ...	5.9	MEDIUM	—	4/8/2026
CVE-2026-39572 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retr...	N/A	NONE	—	4/8/2026
CVE-2026-39585 Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.	N/A	NONE	—	4/8/2026
CVE-2026-39586 Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a throug...	N/A	NONE	—	4/8/2026
CVE-2026-39588 Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a...	N/A	NONE	—	4/8/2026
CVE-2026-39602 Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a thro...	N/A	NONE	—	4/8/2026
CVE-2026-39604 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Books...	N/A	NONE	—	4/8/2026
CVE-2026-39606 Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13...	N/A	NONE	—	4/8/2026
CVE-2026-39608 Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways W...	N/A	NONE	—	4/8/2026
CVE-2026-39575 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affec...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39603 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through <= 5.7.8.	5.4	MEDIUM	—	4/8/2026
CVE-2026-39610 Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= ...	N/A	NONE	—	4/8/2026
CVE-2026-39612 Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.	N/A	NONE	—	4/8/2026
CVE-2026-39614 Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordP...	N/A	NONE	—	4/8/2026
CVE-2026-39616 Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ...	N/A	NONE	—	4/8/2026
CVE-2026-39618 Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.	N/A	NONE	—	4/8/2026
CVE-2026-39620 Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.	N/A	NONE	—	4/8/2026
CVE-2026-39622 Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a thro...	N/A	NONE	—	4/8/2026
CVE-2026-39609 Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0....	5.3	MEDIUM	—	4/8/2026
CVE-2026-39611 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects...	7.5	HIGH	—	4/8/2026
CVE-2026-39624 Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.	N/A	NONE	—	4/8/2026
CVE-2026-39626 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8.	N/A	NONE	—	4/8/2026
CVE-2026-39628 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <=...	N/A	NONE	—	4/8/2026
CVE-2026-39630 Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.	N/A	NONE	—	4/8/2026
CVE-2026-39632 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1.	N/A	NONE	—	4/8/2026
CVE-2026-39634 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3.	N/A	NONE	—	4/8/2026
CVE-2026-39636 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects L...	N/A	NONE	—	4/8/2026
CVE-2026-39623 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects B...	7.5	HIGH	—	4/8/2026
CVE-2026-39625 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3.	5.3	MEDIUM	—	4/8/2026

Page 48 de 128

Precedent Suivant

This product uses data from the NVD API but is not endorsed or certified by the NVD.