Export limit exceeded: 347076 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347076 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68514 | 2 Cozmoslabs, Wordpress | 2 Paid Member Subscriptions, Wordpress | 2026-04-29 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8. | ||||
| CVE-2025-53196 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through <= 3.7.0. | ||||
| CVE-2026-24372 | 2 Wordpress, Wp Swings | 2 Wordpress, Subscriptions For Woocommerce | 2026-04-29 | 7.5 High |
| Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10. | ||||
| CVE-2025-50001 | 2 Tagdiv, Wordpress | 2 Tagdiv Composer, Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2. | ||||
| CVE-2026-25002 | 2 Thimpress, Wordpress | 2 Learnpress – Sepay Payment, Wordpress | 2026-04-29 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0. | ||||
| CVE-2026-25327 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.9. | ||||
| CVE-2025-68850 | 2 Codepeople, Wordpress | 2 Sell Downloads, Wordpress | 2026-04-29 | 7.5 High |
| Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12. | ||||
| CVE-2025-59575 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2026-04-29 | 4.9 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | ||||
| CVE-2025-68016 | 3 Onepay Sri Lanka, Woocommerce, Wordpress | 3 Onepay Payment Gateway For Woocommerce, Woocommerce, Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2. | ||||
| CVE-2025-49866 | 2026-04-29 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through <= 4.6.1. | ||||
| CVE-2025-53998 | 2026-04-29 | 6.5 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through <= 2.1.20. | ||||
| CVE-2025-67956 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration | 2026-04-29 | 8.2 High |
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6. | ||||
| CVE-2025-54008 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Retrieve Embedded Sensitive Data.This issue affects JetSmartFilters: from n/a through <= 3.6.7. | ||||
| CVE-2025-67969 | 2 Knitpay, Wordpress | 2 Upi Qr Code Payment Gateway For Woocommerce, Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1. | ||||
| CVE-2025-53993 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup jet-popup allows Retrieve Embedded Sensitive Data.This issue affects JetPopup: from n/a through <= 2.0.15. | ||||
| CVE-2025-59003 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 5.8 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data.This issue affects ColorWay: from n/a through <= 4.2.3. | ||||
| CVE-2025-46434 | 3 Elementor, Posimyth, Wordpress | 3 Elementor, The Plus Addons For Elementor, Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7. | ||||
| CVE-2025-53992 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1. | ||||
| CVE-2025-54743 | 2 Mkscripts, Wordpress | 2 Download After Email, Wordpress | 2026-04-29 | 5.8 Medium |
| Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6. | ||||
| CVE-2025-58595 | 2 Saad Iqbal, Wordpress | 2 All In One Login, Wordpress | 2026-04-29 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8. | ||||