ReportizFlow
Filtered by vendor
Subscriptions
Total
338331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32424 | 2 Boldgrid, Wordpress | 2 Sprout Clients, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2. | ||||
| CVE-2026-32427 | 2 Vowelweb, Wordpress | 2 Vw Education Lite, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from n/a through <= 2.2.0. | ||||
| CVE-2026-32429 | 2 Noor Alam, Wordpress | 2 Magical Addons For Elementor, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1. | ||||
| CVE-2026-32431 | 2 Brainstorm Force, Wordpress | 2 Astra Bulk Edit, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10. | ||||
| CVE-2026-32430 | 2 Ideabox, Wordpress | 2 Powerpack Addons For Elementor, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9. | ||||
| CVE-2026-32433 | 2 Codepeople, Wordpress | 2 Cp Contact Form With Paypal, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61. | ||||
| CVE-2026-32434 | 2 Vowelweb, Wordpress | 2 Vw Fitness, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4. | ||||
| CVE-2026-32440 | 2 Ex-themes, Wordpress | 2 Wp Food, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1. | ||||
| CVE-2026-32443 | 2 Josh Kohlbach, Wordpress | 2 Product Feed Pro For Woocommerce, Wordpress | 2026-03-16 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2. | ||||
| CVE-2026-32448 | 2 Eric Teubert, Wordpress | 2 Podlove Podcast Publisher, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3. | ||||
| CVE-2026-32449 | 2 Themifyme, Wordpress | 2 Themify Event Post, Wordpress | 2026-03-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4. | ||||
| CVE-2026-32452 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0. | ||||
| CVE-2026-32453 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0. | ||||
| CVE-2026-32456 | 2 Janis Elsts, Wordpress | 2 Admin Menu Editor, Wordpress | 2026-03-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1. | ||||
| CVE-2026-32459 | 2 Flycart, Wordpress | 2 Upsellwp, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4. | ||||
| CVE-2026-32487 | 2 Rarathemes, Wordpress | 2 Lawyer Landing Page, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. | ||||
| CVE-2026-32612 | 1 Statamic | 1 Cms | 2026-03-16 | 5.4 Medium |
| Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. This has been fixed in 6.6.2. | ||||
| CVE-2026-4111 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2026-03-16 | 7.5 High |
| A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives. | ||||
| CVE-2015-20114 | 1 Next Click Ventuers | 1 Realtyscript | 2026-03-16 | 6.1 Medium |
| Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application. | ||||
| CVE-2015-20115 | 1 Next Click Ventures | 1 Realtyscript | 2026-03-16 | 7.2 High |
| Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users. | ||||