Export limit exceeded: 341809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64632 | 2 Auctollo, Wordpress | 2 Google-sitemap-generator, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.22. | ||||
| CVE-2025-64631 | 2 Wclovers, Wordpress | 2 Wcfm Marketplace, Wordpress | 2026-04-01 | 5 Medium |
| Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.7.1. | ||||
| CVE-2025-64289 | 3 Premmerce, Woocommerce, Wordpress | 4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more | 2026-04-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.5. | ||||
| CVE-2025-64284 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.0.7. | ||||
| CVE-2025-64250 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-04-01 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wpWax Directorist directorist allows Phishing.This issue affects Directorist: from n/a through <= 8.6.6. | ||||
| CVE-2025-64247 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in edmon.parker Read More & Accordion expand-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Read More & Accordion: from n/a through <= 3.5.5.1. | ||||
| CVE-2025-64242 | 2 Merv Barrett, Wordpress | 2 Easy Property Listings, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.21. | ||||
| CVE-2025-63077 | 3 Elementor, Happymonster, Wordpress | 3 Elementor, Happy Addons For Elementor, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3. | ||||
| CVE-2025-63075 | 2 Muffingroup, Wordpress | 2 Betheme, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.2. | ||||
| CVE-2025-63074 | 2 Dream-theme, Wordpress | 2 The7, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through < 12.8.1.1. | ||||
| CVE-2025-63073 | 2 Dream-theme, Wordpress | 2 The7, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through < 12.9.0. | ||||
| CVE-2025-63071 | 2 Averta, Wordpress | 2 Shortcodes And Extra Features For Phlox Theme, Wordpress | 2026-04-01 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15. | ||||
| CVE-2025-63068 | 2 Sevenspark, Wordpress | 2 Contact Form 7 - Dynamic Text Extension, Wordpress | 2026-04-01 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.5. | ||||
| CVE-2025-63067 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3. | ||||
| CVE-2025-63066 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3. | ||||
| CVE-2025-63061 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash KALLYAS kallyas allows DOM-Based XSS.This issue affects KALLYAS: from n/a through < 4.25.0. | ||||
| CVE-2025-63060 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through < 4.25.0. | ||||
| CVE-2025-63058 | 2 Hiroaki Miyashita, Wordpress | 2 Custom Field Template, Wordpress | 2026-04-01 | 4.4 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through <= 2.7.6. | ||||
| CVE-2025-63057 | 2 Roxnor, Wordpress | 2 Wp Ultimate Review, Wordpress | 2026-04-01 | 8.2 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.7. | ||||
| CVE-2025-63056 | 2 Bestwebsoft, Wordpress | 2 Contact Form, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.6. | ||||