Export limit exceeded: 346260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26743 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter advance-wp-query-search-filter allows Reflected XSS.This issue affects Advance WP Query Search Filter: from n/a through <= 1.0.10. | ||||
| CVE-2025-26742 | 2 Ghozylab, Wordpress | 2 Gallery For Social Photo, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo feed-instagram-lite allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through <= 1.0.0.35. | ||||
| CVE-2025-26741 | 2026-04-23 | 8.8 High | ||
| Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through <= 1.1.6. | ||||
| CVE-2025-26740 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz spabiz allows DOM-Based XSS.This issue affects SpaBiz: from n/a through <= 1.0.18. | ||||
| CVE-2025-26739 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo newseqo allows Stored XSS.This issue affects newseqo: from n/a through <= 2.1.1. | ||||
| CVE-2025-26738 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider quick-interest-slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through <= 3.1.5. | ||||
| CVE-2025-26737 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store city-store allows DOM-Based XSS.This issue affects City Store: from n/a through <= 1.4.5. | ||||
| CVE-2025-26736 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in victortihai MorningTime Lite morningtime-lite allows Stored XSS.This issue affects MorningTime Lite: from n/a through <= 1.3.2. | ||||
| CVE-2025-26735 | 2026-04-23 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip grip.This issue affects Grip: from n/a through <= 1.0.9. | ||||
| CVE-2025-26734 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester hester allows Stored XSS.This issue affects Hester: from n/a through <= 1.1.10. | ||||
| CVE-2025-26733 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.2 High |
| Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. | ||||
| CVE-2025-26732 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware StoreBiz storebiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through <= 1.0.32. | ||||
| CVE-2025-26731 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARPrice arprice allows Stored XSS.This issue affects ARPrice: from n/a through <= 4.1.3. | ||||
| CVE-2025-26730 | 2026-04-23 | 7.5 High | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data macro-admin-email-data-optin-calculator.This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through <= 1.0. | ||||
| CVE-2025-26593 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Cross Site Request Forgery.This issue affects FastBook: from n/a through <= 1.1. | ||||
| CVE-2025-26592 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion.This issue affects Lab: from n/a through <= 1.0.0. | ||||
| CVE-2025-26591 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through <= 1.0.3. | ||||
| CVE-2025-26590 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan complete-google-seo-scan allows SQL Injection.This issue affects Complete Google Seo Scan: from n/a through <= 3.5.1. | ||||
| CVE-2025-26589 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Dino IE CSS3 Support ie-css3-support allows Reflected XSS.This issue affects IE CSS3 Support: from n/a through <= 2.0.1. | ||||
| CVE-2025-26588 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gabrielperezs TTT Crop ttt-crop allows Reflected XSS.This issue affects TTT Crop: from n/a through <= 1.0. | ||||