Export limit exceeded: 346039 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346039 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62054 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through <= 4.1.8. | ||||
| CVE-2025-67533 | 2 Themify, Wordpress | 2 Portfolio Post, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: from n/a through <= 1.3.0. | ||||
| CVE-2025-53472 | 2026-04-15 | 7.2 High | ||
| WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI. | ||||
| CVE-2025-62057 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0. | ||||
| CVE-2025-67534 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7. | ||||
| CVE-2025-62064 | 2 Elated-themes, Wordpress | 2 Search And Go Directory, Wordpress | 2026-04-15 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7. | ||||
| CVE-2025-62066 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.4 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through < 2.5.8. | ||||
| CVE-2025-67535 | 2 Weplugins, Wordpress | 2 Wp Maps, Wordpress | 2026-04-15 | 6.5 Medium |
| Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6. | ||||
| CVE-2025-62069 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through <= 1.3.3.8. | ||||
| CVE-2025-62070 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13. | ||||
| CVE-2025-62071 | 2 Repuso, Wordpress | 2 Repuso, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 5.29. | ||||
| CVE-2025-58358 | 2026-04-15 | 7.5 High | ||
| Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (|, >, &&, etc.). This issue is fixed in version 0.0.2. | ||||
| CVE-2025-62073 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Sovlix MeetingHub meetinghub.This issue affects MeetingHub: from n/a through <= 1.23.9. | ||||
| CVE-2023-41664 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Newsletter Signups: from n/a through 1.0.4. | ||||
| CVE-2025-60106 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through <= 1.6.0. | ||||
| CVE-2023-41683 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11. | ||||
| CVE-2025-27361 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google photo-express-for-google allows Reflected XSS.This issue affects Photo Express for Google: from n/a through <= 0.3.2. | ||||
| CVE-2025-60109 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through <= 3.8. | ||||
| CVE-2025-62078 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through <= 3.0.0. | ||||
| CVE-2023-41689 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14. | ||||