CVE Tracker
174,712 total CVEsLive vulnerability feed from the National Vulnerability Database
Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5.
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.
Showing 2726-2750 of 174,712 CVEs