Total
347802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32535 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 3.0.3. | |||||
| CVE-2026-32533 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6. | |||||
| CVE-2026-32527 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5. | |||||
| CVE-2026-32515 | 2026-04-29 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1.2. | |||||
| CVE-2026-32514 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3. | |||||
| CVE-2026-32511 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7. | |||||
| CVE-2026-32510 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3. | |||||
| CVE-2026-32509 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4. | |||||
| CVE-2026-32508 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8. | |||||
| CVE-2026-32507 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4. | |||||
| CVE-2026-32506 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7. | |||||
| CVE-2026-32501 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through <= 3.7.9. | |||||
| CVE-2026-32497 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45. | |||||
| CVE-2026-32496 | 2026-04-29 | N/A | 6.8 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through <= 1.2.9. | |||||
| CVE-2026-32493 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 3.2.0. | |||||
| CVE-2026-32492 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1. | |||||
| CVE-2026-32485 | 2026-04-29 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8. | |||||
| CVE-2026-32484 | 2026-04-29 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. | |||||
| CVE-2026-32483 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63. | |||||
| CVE-2026-32461 | 2026-04-29 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7. | |||||