Export limit exceeded: 346993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346993 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68517 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1. | ||||
| CVE-2025-68516 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2026-04-27 | 5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1. | ||||
| CVE-2025-68511 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2026-04-27 | 6.5 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1. | ||||
| CVE-2025-68506 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03. | ||||
| CVE-2025-68505 | 2 H5p, Wordpress | 2 H5p, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1. | ||||
| CVE-2025-68500 | 2 Bdthemes, Wordpress | 2 Prime Slider, Wordpress | 2026-04-27 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10. | ||||
| CVE-2025-68496 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.0. | ||||
| CVE-2025-68067 | 2 Select-themes, Wordpress | 2 Stockholm Core, Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through <= 2.4.6. | ||||
| CVE-2025-68065 | 2 Liquidthemes, Wordpress | 2 Hub, Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affects Hub Core: from n/a through <= 5.0.8. | ||||
| CVE-2025-68061 | 2 Thememove, Wordpress | 2 Edumall, Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7. | ||||
| CVE-2025-68055 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32. | ||||
| CVE-2025-68054 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5. | ||||
| CVE-2025-68051 | 2 Shiprocket, Wordpress | 2 Shiprocket, Wordpress | 2026-04-27 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8. | ||||
| CVE-2025-68038 | 2 Icegram, Wordpress | 2 Icegram Express, Wordpress | 2026-04-27 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14. | ||||
| CVE-2025-68022 | 2 Soporteblue, Wordpress | 2 Plugin Bluex For Woocommerce, Wordpress | 2026-04-27 | 7.3 High |
| Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6. | ||||
| CVE-2025-68017 | 2 Antideo, Wordpress | 2 Email Validator, Wordpress | 2026-04-27 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10. | ||||
| CVE-2025-63063 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2. | ||||
| CVE-2025-63062 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0. | ||||
| CVE-2025-63060 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through < 4.25.0. | ||||
| CVE-2025-63039 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-04-27 | 6.5 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9. | ||||