Vulnerabilidades CVE

Base de dados CVE enriquecida com CISA KEV e NVD

Total: 17,177 CVEs

CVE ID	CVSS	Severidade	KEV	Publicado
CVE-2026-3056 The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all ve...	4.3	MEDIUM	—	3/4/2026
CVE-2026-2365 The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all versions up to, and including, 6.1.17. This is due to...	7.2	HIGH	—	3/5/2026
CVE-2026-2899 The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the `deleteFile()` method in the `Uploader` cl...	6.5	MEDIUM	—	3/5/2026
CVE-2026-3034 The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up...	6.4	MEDIUM	—	3/5/2026
CVE-2026-3523 The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type vali...	4.9	MEDIUM	—	3/5/2026
CVE-2025-53335 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berge...	8.1	HIGH	—	3/5/2026
CVE-2025-54001 Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <= 2.5.	9.8	CRITICAL	—	3/5/2026
CVE-2026-22427 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes GoTravel gotravel allows PHP Local File Inclusion.This issue affe...	8.1	HIGH	—	3/5/2026
CVE-2026-22429 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Verdure verdure allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2026-22431 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wabi-Sabi wabi-sabi allows PHP Local File Inclusion.This issue aff...	8.1	HIGH	—	3/5/2026
CVE-2026-22432 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woo...	8.1	HIGH	—	3/5/2026
CVE-2026-22433 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CloudMe cloudme allows PHP Local File Inclusion.This issue affects...	8.1	HIGH	—	3/5/2026
CVE-2026-22434 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Crown Art crown-art allows PHP Local File Inclusion.This issue aff...	8.1	HIGH	—	3/5/2026
CVE-2026-22436 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects ...	8.1	HIGH	—	3/5/2026
CVE-2026-22437 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playa playa allows PHP Local File Inclusion.This issue affects Pla...	8.1	HIGH	—	3/5/2026
CVE-2026-22438 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through <= 1.0...	7.1	HIGH	—	3/5/2026
CVE-2026-22439 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion.This iss...	8.1	HIGH	—	3/5/2026
CVE-2026-22440 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thecs thecs allows Reflected XSS.This issue affects Thecs: from n/a through <= 1.4...	7.1	HIGH	—	3/5/2026
CVE-2026-22441 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Zentrum zentrum allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2026-22465 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen BuddyApp buddyapp allows Reflected XSS.This issue affects BuddyApp: from n/a through ...	7.1	HIGH	—	3/5/2026
CVE-2026-22467 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS.This issue affects DeepDigital: from n/a ...	7.1	HIGH	—	3/5/2026
CVE-2026-22473 Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.	8.8	HIGH	—	3/5/2026
CVE-2026-22474 Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5.	9.8	CRITICAL	—	3/5/2026
CVE-2026-22475 Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.	9.8	CRITICAL	—	3/5/2026
CVE-2026-22476 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Etchy etchy allows PHP Local File Inclusion.This issue affects Et...	8.1	HIGH	—	3/5/2026
CVE-2026-22477 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects...	8.1	HIGH	—	3/5/2026
CVE-2026-22478 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2026-22497 Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2.	9.8	CRITICAL	—	3/5/2026
CVE-2026-22501 Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2.	9.8	CRITICAL	—	3/5/2026
CVE-2026-23546 Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from...	6.5	MEDIUM	—	3/5/2026
CVE-2026-27335 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows...	8.1	HIGH	—	3/5/2026
CVE-2026-27336 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Consultor \| Consulting, Accounting & Legal Counsel WordPress Theme...	8.1	HIGH	—	3/5/2026
CVE-2026-27337 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle al...	8.1	HIGH	—	3/5/2026
CVE-2026-27338 Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through <= 3.7.	8.8	HIGH	—	3/5/2026
CVE-2026-27339 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone \| Magazine & Viral Blog WordPress Theme buzzstone allow...	8.1	HIGH	—	3/5/2026
CVE-2026-27340 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Apollo \| Night Club, DJ Event WordPress Theme apollo allows PHP Lo...	8.1	HIGH	—	3/5/2026
CVE-2026-27341 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local Fil...	8.1	HIGH	—	3/5/2026
CVE-2026-27342 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local ...	8.1	HIGH	—	3/5/2026
CVE-2026-27354 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows Store...	6.5	MEDIUM	—	3/5/2026
CVE-2026-27383 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metr...	8.1	HIGH	—	3/5/2026
CVE-2026-27384 Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total C...	9.0	CRITICAL	—	3/5/2026
CVE-2026-27385 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects...	7.1	HIGH	—	3/5/2026
CVE-2026-27388 Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects...	7.5	HIGH	—	3/5/2026
CVE-2026-27389 Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue af...	9.8	CRITICAL	—	3/5/2026
CVE-2026-27390 Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue af...	8.8	HIGH	—	3/5/2026
CVE-2026-27396 Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through ...	7.3	HIGH	—	3/5/2026
CVE-2026-27406 Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through <= 2.1.0.	7.5	HIGH	—	3/5/2026
CVE-2026-27411 Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9.	5.4	MEDIUM	—	3/5/2026
CVE-2026-27417 Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1.	9.8	CRITICAL	—	3/5/2026
CVE-2026-27990 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows PHP Local File Inclusion.This issue affects ConFi...	8.1	HIGH	—	3/5/2026

Pagina 238 de 344

Anterior Proximo

This product uses data from the NVD API but is not endorsed or certified by the NVD.