Export limit exceeded: 12396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48346 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embed and Integrate Etsy Shop: from n/a through <= 1.0.8. | ||||
| CVE-2025-48103 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter todays-date-inserter allows Stored XSS.This issue affects Today's Date Inserter: from n/a through <= 1.2.1. | ||||
| CVE-2025-47657 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce productive-commerce allows SQL Injection.This issue affects Productive Commerce: from n/a through <= 1.1.40. | ||||
| CVE-2025-47650 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global infility-global allows Path Traversal.This issue affects Infility Global: from n/a through <= 2.15.06. | ||||
| CVE-2025-47620 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Martins Free Monetized Ad Exchange Network: from n/a through <= 1.0.6. | ||||
| CVE-2025-46462 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Trân Minh-Quân WPVN wpvn-username-changer allows Cross Site Request Forgery.This issue affects WPVN: from n/a through <= 0.7.8. | ||||
| CVE-2025-39468 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1. | ||||
| CVE-2025-32553 | 2 Magnigenie, Wordpress | 2 Restropress, Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4. | ||||
| CVE-2025-32528 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maximevalette iCal Feeds ical-feeds allows Reflected XSS.This issue affects iCal Feeds: from n/a through <= 1.5.3. | ||||
| CVE-2025-32246 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database 1-click-backup-restore-database-by-sunbytes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1-Click Backup & Restore Database: from n/a through <= 1.0.3. | ||||
| CVE-2025-32178 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 6Storage Rentals: from n/a through <= 2.20.2. | ||||
| CVE-2025-31836 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a through <= 2.5.0. | ||||
| CVE-2025-31602 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1. | ||||
| CVE-2025-30584 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter alphaomega-captcha-anti-spam allows Stored XSS.This issue affects AlphaOmega Captcha & Anti-Spam Filter: from n/a through <= 3.3. | ||||
| CVE-2025-30536 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeitwesentech Beautiful Link Preview beautiful-link-preview allows Stored XSS.This issue affects Beautiful Link Preview: from n/a through <= 1.5.0. | ||||
| CVE-2025-28951 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4. | ||||
| CVE-2025-26898 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. | ||||
| CVE-2025-24735 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.7 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This issue affects Chatra Live Chat + ChatBot + Cart Saver: from n/a through 1.0.11. | ||||
| CVE-2025-24689 | 2 Codection, Wordpress | 2 Import And Export Users And Customers, Wordpress | 2026-04-28 | 5.9 Medium |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Retrieve Embedded Sensitive Data.This issue affects Import and export users and customers: from n/a through <= 1.27.12. | ||||
| CVE-2025-23772 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petulla’ imaGenius imagenius allows Stored XSS.This issue affects imaGenius: from n/a through <= 1.7. | ||||