Search Results (11973 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23849 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18.
CVE-2025-31029 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0.
CVE-2025-62753 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos masvideos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through <= 1.3.4.
CVE-2025-62756 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer the-moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through <= 10.0.9.
CVE-2025-62990 2 Livemesh, Wordpress 2 Livemesh Addons For Beaver Builder, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through <= 3.9.2.
CVE-2025-63020 2 Wayne Allen, Wordpress 2 Postie, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through <= 1.9.73.
CVE-2025-32546 1 Wordpress 1 Wordpress 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through <= 1.5.3.
CVE-2025-32555 1 Wordpress 1 Wordpress 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS.This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through <= 3.3.
CVE-2025-63027 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcreations907 WBC907 Core wbc907-core allows Stored XSS.This issue affects WBC907 Core: from n/a through <= 3.4.1.
CVE-2025-63065 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2026-04-15 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through <= 3.29.
CVE-2025-39463 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9.
CVE-2023-47820 2 Crudlab, Wordpress 2 Wp Like Button, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.
CVE-2025-48077 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0.
CVE-2025-48078 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3.
CVE-2025-48083 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5.
CVE-2025-48086 2 Wordpress, Wp-dreams 2 Wordpress, Ajax Search 2026-04-15 9.8 Critical
Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3.
CVE-2025-48089 2 Rainbow-themes, Wordpress 2 Education Wordpress Theme, Wordpress 2026-04-15 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.
CVE-2025-48290 2 Bslthemes, Wordpress 2 Kinsley, Wordpress 2026-04-15 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4.
CVE-2025-3063 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2025-49372 1 Wordpress 1 Wordpress 2026-04-15 10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through <= 1.0.7.