Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49427 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Abbie Expander abbie-expander allows Stored XSS.This issue affects Abbie Expander: from n/a through <= 1.0.1. | ||||
| CVE-2025-49426 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue affects Kitring: from n/a through <= 2.8. | ||||
| CVE-2025-49425 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg konami-easter-egg allows Stored XSS.This issue affects Konami Easter Egg: from n/a through <= v0.4. | ||||
| CVE-2025-49424 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS.This issue affects Support Ticket: from n/a through <= 1.9. | ||||
| CVE-2025-49422 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9. | ||||
| CVE-2025-49421 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander wp-text-expander allows SQL Injection.This issue affects WP Text Expander: from n/a through <= 1.0.1. | ||||
| CVE-2025-49420 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Reflected XSS.This issue affects Ultra Portfolio: from n/a through <= 6.7. | ||||
| CVE-2025-49418 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allmart-core allows Server Side Request Forgery.This issue affects Allmart: from n/a through <= 1.0.0. | ||||
| CVE-2025-49414 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0. | ||||
| CVE-2025-49413 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6. | ||||
| CVE-2025-49412 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition page-transition allows Stored XSS.This issue affects Page Transition: from n/a through <= 1.3. | ||||
| CVE-2025-49411 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma FAQ Revolution - WordPress Plugin faq-revo allows Reflected XSS.This issue affects FAQ Revolution - WordPress Plugin: from n/a through <= 1.5.0. | ||||
| CVE-2025-49410 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Imran Emu Portfolio Manager Pro otw-portfolio-manager allows Upload a Web Shell to a Web Server.This issue affects Portfolio Manager Pro: from n/a through 3.8. | ||||
| CVE-2025-49409 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in brewlabs Portfolio Manager Pro otw-portfolio-manager allows Object Injection.This issue affects Portfolio Manager Pro: from n/a through 3.8. | ||||
| CVE-2025-49408 | 2 Templately, Wordpress | 2 Templately, Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification / Restriction for WordPress age-restriction allows Using Malicious Files.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. | ||||
| CVE-2025-49407 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in favethemes Premium SEO Pack premium-seo-pack allows Privilege Escalation.This issue affects Premium SEO Pack: from n/a through <= 3.3.2. | ||||
| CVE-2025-49406 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Premium Age Verification / Restriction for WordPress age-restriction allows Blind SQL Injection.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. | ||||
| CVE-2025-49405 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-23 | 4.3 Medium |
| Path Traversal: '.../...//' vulnerability in Favethemes Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0. | ||||
| CVE-2025-49404 | 2 Purethemes, Wordpress | 2 Listeo, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo Core listeo-core allows SQL Injection.This issue affects Listeo Core: from n/a through < 2.0.7. | ||||
| CVE-2025-49401 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. | ||||