Export limit exceeded: 347076 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347076 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62116 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.2. | ||||
| CVE-2025-62092 | 2 Wiremo, Wordpress | 2 Wiremo, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99. | ||||
| CVE-2025-62081 | 3 Channelize.io, Woocommerce, Wordpress | 3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0. | ||||
| CVE-2025-62085 | 2 Bertha, Wordpress | 2 Bertha Ai, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13. | ||||
| CVE-2025-62080 | 3 Channelize.io, Woocommerce, Wordpress | 3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0. | ||||
| CVE-2025-62079 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through <= 1.0.3. | ||||
| CVE-2025-62023 | 2 S2member, Wordpress | 2 S2member, Wordpress | 2026-04-28 | 9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905. | ||||
| CVE-2025-60202 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through <= 2.3.6. | ||||
| CVE-2025-60201 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through <= 8.3.5. | ||||
| CVE-2025-60189 | 3 Polopag, Woocommerce, Wordpress | 3 Polopag, Woocommerce, Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion.This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through <= 2.0.9. | ||||
| CVE-2025-60177 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS.This issue affects Recaptcha – wp: from n/a through <= 0.2.6. | ||||
| CVE-2025-60171 | 3 Woocommerce, Wordpress, Yourplugins | 3 Woocommerce, Wordpress, Conditional Cart Messages For Woocommerce | 2026-04-28 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through <= 1.2.10. | ||||
| CVE-2025-60156 | 2 Webandprintdesign, Wordpress | 2 Ar For Wordpress, Wordpress | 2026-04-28 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34. | ||||
| CVE-2025-60143 | 2 Netgsm, Wordpress | 2 Netgsm, Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netgsm: from n/a through <= 2.9.69. | ||||
| CVE-2025-60130 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in wedos.com WEDOS Global wgpwpp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WEDOS Global: from n/a through <= 1.2.2. | ||||
| CVE-2025-60084 | 3 Add-ons.org, Elementor, Wordpress | 3 Pdf-for-elementor-forms, Elementor, Wordpress | 2026-04-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0. | ||||
| CVE-2025-60078 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task Manager: from n/a through <= 3.0.2. | ||||
| CVE-2025-58982 | 2 Pixeline, Wordpress | 2 Email Protector, Wordpress | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector pixelines-email-protector allows Stored XSS.This issue affects Pixeline's Email Protector: from n/a through <= 1.3.8. | ||||
| CVE-2025-58965 | 2 Agency Dominion, Wordpress | 2 Fusion Page Builder, Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery fusion-extension-gallery allows Stored XSS.This issue affects Fusion Page Builder : Extension – Gallery: from n/a through <= 1.7.6. | ||||
| CVE-2025-58887 | 2026-04-28 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Course Finder | andré martin - it solutions & research UG Course Booking Platform course-booking-platform allows Stored XSS.This issue affects Course Booking Platform: from n/a through <= 1.0.0. | ||||