Search Results (11887 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-28893 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from n/a through <= 1.2.1.
CVE-2025-68013 3 Cardpaysolutions, Woocommerce, Wordpress 3 Payment Gateway Authorize.net Cim For Woocommerce, Woocommerce, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through <= 2.1.2.
CVE-2025-68015 2 Vollstart, Wordpress 2 Event Tickets With Ticket Scanner, Wordpress 2026-04-15 9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.5.
CVE-2025-23552 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yashar Texteller texteller allows Reflected XSS.This issue affects Texteller: from n/a through <= 1.3.0.
CVE-2025-68016 3 Onepay Sri Lanka, Woocommerce, Wordpress 3 Onepay Payment Gateway For Woocommerce, Woocommerce, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2.
CVE-2025-68017 2 Antideo, Wordpress 2 Email Validator, Wordpress 2026-04-15 7.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10.
CVE-2025-68018 3 Ilmosys, Woocommerce, Wordpress 3 Order Listener For Woocommerce, Woocommerce, Wordpress 2026-04-15 9.4 Critical
Missing Authorization vulnerability in StackWC Order Listener for WooCommerce woc-order-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Listener for WooCommerce: from n/a through <= 3.6.1.
CVE-2025-68019 2 Cleverplugins, Wordpress 2 Seo Booster, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.
CVE-2025-68020 2 Wanotifier, Wordpress 2 Wanotifier, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.13.
CVE-2025-68021 2 Conveythis, Wordpress 2 Conveythis, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.8.
CVE-2025-23585 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter googl-url-shorter allows Reflected XSS.This issue affects Goo.gl Url Shorter: from n/a through <= 1.0.1.
CVE-2025-68024 2 Addonify, Wordpress 2 Addonify – Woocommerce Wishlist, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15.
CVE-2023-32120 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1.
CVE-2025-68026 2 Niaj Morshed, Wordpress 2 Lc Wizard, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.
CVE-2025-68028 2 Passionate Brains, Wordpress 2 Ga4wp: Google Analytics For Wordpress, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.
CVE-2025-68029 2 Wordpress, Wpswings 2 Wordpress, Wallet System For Woocommerce 2026-04-15 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3.
CVE-2025-68030 1 Wordpress 1 Wordpress 2026-04-15 7.2 High
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5.
CVE-2025-58194 2 Bold-themes, Wordpress 2 Bold Page Builder, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.3.
CVE-2025-68032 2 Passionate Brains, Wordpress 2 Advanced Wc Analytics, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0.
CVE-2025-26957 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Deetronix Affiliate Coupons affiliate-coupons allows PHP Local File Inclusion.This issue affects Affiliate Coupons: from n/a through <= 1.7.3.