Export limit exceeded: 43539 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12040 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28899 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toddhuish WP Event Ticketing wpeventticketing allows Reflected XSS.This issue affects WP Event Ticketing: from n/a through <= 1.3.4. | ||||
| CVE-2025-28898 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.2. | ||||
| CVE-2025-28893 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from n/a through <= 1.2.1. | ||||
| CVE-2025-28891 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc price-calc allows Stored XSS.This issue affects price-calc: from n/a through <= 0.6.3. | ||||
| CVE-2025-28890 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Lightview Plus lightview-plus allows Reflected XSS.This issue affects Lightview Plus: from n/a through <= 3.1.3. | ||||
| CVE-2025-28887 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery.This issue affects Plugins Last Updated Column: from n/a through <= 0.1.3. | ||||
| CVE-2025-28885 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fiverraffiliates Fiverr.com Official Search Box fiverr-official-search-box allows Stored XSS.This issue affects Fiverr.com Official Search Box: from n/a through <= 1.0.8. | ||||
| CVE-2025-28884 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator wp-bulk-post-duplicator allows Cross Site Request Forgery.This issue affects WP Bulk Post Duplicator: from n/a through <= 1.2. | ||||
| CVE-2025-28882 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omnify, Inc. Omnify omnify-widget allows Reflected XSS.This issue affects Omnify: from n/a through <= 2.0.3. | ||||
| CVE-2025-28880 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jotis Blue Captcha blue-captcha allows Reflected XSS.This issue affects Blue Captcha: from n/a through <= 1.7.4. | ||||
| CVE-2025-28873 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Scott Taylor Shuffle shuffle allows Blind SQL Injection.This issue affects Shuffle: from n/a through <= 0.5. | ||||
| CVE-2025-28865 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through <= 2.0.1. | ||||
| CVE-2025-28855 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through <= 1.2.4. | ||||
| CVE-2025-27360 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through <= 1.4.9. | ||||
| CVE-2025-27357 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link onceki-yazi-linki allows Cross Site Request Forgery.This issue affects Önceki Yazı Link: from n/a through <= 1.3. | ||||
| CVE-2025-27356 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in Hardik Sticky Header On Scroll sticky-header-on-scroll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header On Scroll: from n/a through <= 1.0. | ||||
| CVE-2025-27352 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team 无觅相关文章插件 wumii-related-posts allows Stored XSS.This issue affects 无觅相关文章插件: from n/a through <= 1.0.5.7. | ||||
| CVE-2025-27351 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpertBusinessSearch Local Search SEO Contact Page local-search-seo-contact-page allows Stored XSS.This issue affects Local Search SEO Contact Page: from n/a through <= 4.0.1. | ||||
| CVE-2025-27349 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nurelm Get Posts nurelm-get-posts allows Stored XSS.This issue affects Get Posts: from n/a through <= 0.6. | ||||
| CVE-2025-27345 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Reflected XSS.This issue affects Booking Ultra Pro: from n/a through <= 1.1.19. | ||||