Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49070 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1. | ||||
| CVE-2025-49069 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through <= 1.9.8. | ||||
| CVE-2025-49068 | 1 Oceanwp | 1 Ocean Extra | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oceanwp Ocean Extra ocean-extra allows Stored XSS.This issue affects Ocean Extra: from n/a through <= 2.4.8. | ||||
| CVE-2025-49067 | 1 Nasatheme | 1 Nasa Core | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core nasa-core allows Stored XSS.This issue affects Nasa Core: from n/a through < 6.4.1. | ||||
| CVE-2025-49066 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through <= 1.2. | ||||
| CVE-2025-49065 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through <= 1.0. | ||||
| CVE-2025-49064 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through <= 1.6.10. | ||||
| CVE-2025-49063 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS.This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6. | ||||
| CVE-2025-49062 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS.This issue affects WP-jScrollPane: from n/a through <= 2.0.3. | ||||
| CVE-2025-49061 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed porn-videos-embed allows Stored XSS.This issue affects Porn Videos Embed: from n/a through <= 0.9.1. | ||||
| CVE-2025-49059 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.20. | ||||
| CVE-2025-49058 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search soundst-seo-search allows Reflected XSS.This issue affects SoundSt SEO Search: from n/a through <= 1.2.3. | ||||
| CVE-2025-49057 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through <= 1.8. | ||||
| CVE-2025-49056 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS.This issue affects 多说社会化评论框: from n/a through <= 1.2. | ||||
| CVE-2025-49055 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. | ||||
| CVE-2025-49054 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS.This issue affects Time Sheets: from n/a through <= 2.1.3. | ||||
| CVE-2025-49053 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager airdrop allows Stored XSS.This issue affects WP Airdrop Manager: from n/a through <= 1.0.5. | ||||
| CVE-2025-49052 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netease Music: from n/a through <= 3.2.1. | ||||
| CVE-2025-49051 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode hide-text-shortcode allows Stored XSS.This issue affects Hide Text Shortcode: from n/a through <= 1.1. | ||||
| CVE-2025-49050 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. | ||||