Export limit exceeded: 346537 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346537 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63062 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0. | ||||
| CVE-2025-63063 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2. | ||||
| CVE-2025-63065 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-04-24 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through <= 3.29. | ||||
| CVE-2025-63066 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3. | ||||
| CVE-2025-63067 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3. | ||||
| CVE-2025-63071 | 2 Averta, Wordpress | 2 Shortcodes And Extra Features For Phlox Theme, Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15. | ||||
| CVE-2025-63073 | 2 Dream-theme, Wordpress | 2 The7, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through < 12.9.0. | ||||
| CVE-2025-63074 | 2 Dream-theme, Wordpress | 2 The7, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through < 12.8.1.1. | ||||
| CVE-2025-63075 | 2 Muffingroup, Wordpress | 2 Betheme, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.2. | ||||
| CVE-2025-63077 | 3 Elementor, Happymonster, Wordpress | 3 Elementor, Happy Addons For Elementor, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3. | ||||
| CVE-2025-66533 | 2 Stellarwp, Wordpress | 2 Givewp, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1. | ||||
| CVE-2025-67467 | 2 Stellarwp, Wordpress | 2 Givewp, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1. | ||||
| CVE-2023-23729 | 2 Brainstormforce, Wordpress | 2 Spectra, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.3.0. | ||||
| CVE-2025-54004 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 2.7 Low |
| Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24. | ||||
| CVE-2025-54045 | 2 Cminds, Wordpress | 2 Cm On Demand Search And Replace, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5. | ||||
| CVE-2025-59001 | 2 Themenectar, Wordpress | 2 Salient Core, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8. | ||||
| CVE-2025-59009 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5. | ||||
| CVE-2025-64237 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5. | ||||
| CVE-2025-64238 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1. | ||||
| CVE-2025-64239 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery.This issue affects RTL Tester: from n/a through <= 1.2. | ||||