CVE Vulnerabilities - 8 April 2026
716 vulnerabilities published on 8 April 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS. This issue affect...
CVE-2026-39636
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS. This issue affects L...
Grand Portfolio allows hackers to trick users into making unintended changes
CVE-2026-39634
A flaw in Grand Portfolio allows hackers to trick users into making unintended changes to the website. This can lead to unauthorized actions being taken on the user's account. Users and administrators...
Grand Blog: Unauthorized Actions through Malicious Links
CVE-2026-39632
A security weakness in Grand Blog software makes it possible for attackers to trick users into performing unintended actions on the site. This could happen if a user clicks on a malicious link or open...
WPSchoolPress: Insecure Access Control Lets Hackers Access Sensitive Data
CVE-2026-39631
WPSchoolPress, a plugin for WordPress, has a security weakness that lets hackers access sensitive data if the access control settings are not correctly set. This means that sensitive information could...
Getty Images Getty Images allows attackers to make unauthorized requests on your behalf
CVE-2026-39630
Getty Images has a security issue that allows attackers to trick your server into making requests to unintended websites. This could lead to data theft or other malicious activity. Update Getty Images...
Uminex: Malicious Code Can Be Injected into Uminex Web Pages
CVE-2026-39629
A security weakness in Uminex allows hackers to inject malicious code into web pages, potentially compromising user data and security. This issue affects all versions of Uminex up to and including 1.0...
DukaMarket: Hackers can inject malicious code into your website
CVE-2026-39628
A security issue in DukaMarket allows hackers to inject code into your website, potentially stealing sensitive information or taking control of your site. This issue affects DukaMarket versions up to ...
Ashe: Unauthorized Access Due to Incorrect Security Settings
CVE-2026-39627
A missing security feature in Ashe can let attackers access sensitive areas of your website or application without permission. This affects Ashe software versions up to 2.266. To fix, update to a newe...
Armania Theme Allows Malicious Code to Run
CVE-2026-39626
A security issue in the Armania theme allows hackers to inject malicious code into web pages, potentially stealing user data or taking control of the site. This issue affects the Armania theme for web...
TechOne Website May Inject Malicious Code
CVE-2026-39625
A security issue in TechOne, a website theme, could allow an attacker to inject malicious code into TechOne websites. This could happen when a user visits a specially crafted website, potentially allo...
Biolife Theme Missing Authorization Risk
CVE-2026-39624
A misconfigured access control setting in Biolife theme versions 3.2.3 and earlier allows unauthorized access. This means that users may be able to access or modify sensitive data without proper permi...
PHP Files Can Be Accessed Without Permission on Biolife Websites
CVE-2026-39623
A security issue in Biolife, a theme for websites, allows unauthorized access to files on the website. This could allow attackers to view or modify sensitive information. To protect your website, upda...
Education Base: Unsecured Access to Important Data Possible
CVE-2026-39622
The Education Base software has a security weakness that allows unauthorized access to sensitive information. This means that if not set up correctly, users might be able to access data they shouldn't...
SpicePress: Unsecured Upload Allows Malicious File Upload
CVE-2026-39621
An attacker can trick users into uploading a malicious file to a SpicePress website, potentially allowing them to take control of the server. This issue affects all versions of SpicePress up to 2.3.2....
Appointment <= 3.5.5 allows attackers to upload malicious files to the server
CVE-2026-39620
A security weakness in Appointment software allows hackers to upload unauthorized files to a web server. This could lead to the server being taken over or used to spread malware. Update to Appointment...
Busiprof Web Shell Upload Risk: Unsecured File Upload
CVE-2026-39619
An attacker can upload malicious files to a Busiprof web server, potentially allowing them to take control of the server. This is a serious risk because it allows an attacker to execute arbitrary code...
NewsExo allows hackers to trick users into performing actions
CVE-2026-39618
A security issue in NewsExo allows an attacker to trick users into performing unintended actions on the website. This could lead to unauthorized changes or data loss. To protect against this, update N...
Incorrect Access Control in dFactory Download Attachments
CVE-2026-39616
A security issue in dFactory Download Attachments allows unauthorized access to sensitive files if access controls are not properly set. This affects all versions up to 1.4.0. Update to the latest ver...
JW Player for WordPress: Unsecured Access to Videos
CVE-2026-39614
Some settings in JW Player for WordPress are not properly locked down, which means an attacker could potentially access unauthorized videos. This affects JW Player for WordPress versions up to 2.3.6. ...
KuteShop 4.2.9 and earlier: Insecure Access Control
CVE-2026-39612
KuteShop, an e-commerce platform, has a security issue that could allow unauthorized access to sensitive areas of the website. This could happen if access control settings are not properly configured,...
Unrestricted Access to WpXmas-Snow with Incorrect Security Settings
CVE-2026-39610
An outdated version of WpXmas-Snow may allow an attacker to access sensitive areas of the system without proper permission. This could lead to unauthorized changes or data breaches. Update WpXmas-Snow...
iPOSpays Gateway WC: Incorrect Access Control Exposes Sensitive Data
CVE-2026-39608
The iPOSpays Gateway WC has a security weakness that could allow unauthorized access to sensitive information. If not configured properly, users may be able to view or manipulate data they shouldn't b...
BizReview fails to check user access levels, allowing unauthorized access
CVE-2026-39606
A bug in BizReview means that users with incorrect access settings can access areas they shouldn't. This could lead to unauthorized changes or data access. Upgrade to the latest version of BizReview t...
MyBookTable Bookstore allows hackers to inject malicious code
CVE-2026-39604
A security issue in MyBookTable Bookstore software allows hackers to inject malicious code into the website, which can be used to steal user data or take control of accounts. This affects versions 1 t...
Rustaurius Order Tracking: Incorrect Access Control Exposes Order Data
CVE-2026-39602
The Rustaurius Order Tracking software has a security issue that could allow unauthorized access to order data. This is because the access control settings are not properly configured, which means tha...