Export limit exceeded: 347026 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30550 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone'r callphoner allows Stored XSS.This issue affects CallPhone'r: from n/a through <= 1.1.1. | ||||
| CVE-2025-30548 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VarDump s.r.l. Advanced Post Search advanced-post-search allows Reflected XSS.This issue affects Advanced Post Search: from n/a through <= 1.1.0. | ||||
| CVE-2025-30547 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Tufts WP Cards wp-cards allows Reflected XSS.This issue affects WP Cards: from n/a through <= 1.5.1. | ||||
| CVE-2025-30544 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in svmidi OK Poster Group ok-poster-group allows Reflected XSS.This issue affects OK Poster Group: from n/a through <= 1.1. | ||||
| CVE-2025-30525 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ProfitShare.ro WP Profitshare wp-profitshare allows SQL Injection.This issue affects WP Profitshare: from n/a through <= 1.4.9. | ||||
| CVE-2025-30523 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marcel-NL Super Simple Subscriptions super-simple-subscriptions allows SQL Injection.This issue affects Super Simple Subscriptions: from n/a through <= 1.1.0. | ||||
| CVE-2025-30522 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a through <= 1.0.0. | ||||
| CVE-2025-30520 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crosstec Breezing Forms breezing-forms allows Reflected XSS.This issue affects Breezing Forms: from n/a through <= 1.2.8.11. | ||||
| CVE-2025-29014 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu dzs-restaurantmenu allows Reflected XSS.This issue affects FoodMenu: from n/a through <= 1.20. | ||||
| CVE-2025-29004 | 2 Aa-team, Wordpress | 3 Premium Age Verification Restriction For Wordpress, Responsive Coming Soon Landing Page Holding Page For Wordpress, Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress wordpress-flat-countdown allows Privilege Escalation.This issue affects Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through <= 3.0. | ||||
| CVE-2025-29002 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen snssimen allows PHP Local File Inclusion.This issue affects Simen: from n/a through <= 4.6. | ||||
| CVE-2025-29000 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8. | ||||
| CVE-2025-28999 | 3 Woocommerce, Wordpress, Zoomit | 3 Woocommerce, Wordpress, Woocommerce Shop Page Builder | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder dzs-wootable allows Reflected XSS.This issue affects WooCommerce Shop Page Builder: from n/a through <= 2.27.7. | ||||
| CVE-2025-28998 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue affects SERPed.net: from n/a through <= 4.6. | ||||
| CVE-2025-28993 | 2026-04-23 | 8.6 High | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from n/a through <= 0.1.4. | ||||
| CVE-2025-28992 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion.This issue affects SNS Anton: from n/a through <= 4.1. | ||||
| CVE-2025-28991 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion.This issue affects Evon: from n/a through <= 3.4. | ||||
| CVE-2025-28990 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7. | ||||
| CVE-2025-28988 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3. | ||||
| CVE-2025-28986 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin epicwin-subscribers allows SQL Injection.This issue affects Epicwin Plugin: from n/a through <= 1.5. | ||||