Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49870 | 2 Cozmoslabs, Wordpress | 2 Paid Member Subscriptions, Wordpress | 2026-04-23 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1. | ||||
| CVE-2025-49869 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.0.31. | ||||
| CVE-2025-49867 | 2 Inspirythemes, Wordpress | 2 Realhomes, Wordpress | 2026-04-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0. | ||||
| CVE-2025-49860 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support.This issue affects Majestic Support: from n/a through <= 1.1.0. | ||||
| CVE-2025-49453 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through <= 1.1. | ||||
| CVE-2025-49450 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mhallmann SEPA Girocode sepa-girocode allows Stored XSS.This issue affects SEPA Girocode: from n/a through <= 0.5.1. | ||||
| CVE-2025-49448 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu fw-food-menu allows Path Traversal.This issue affects FW Food Menu : from n/a through <= 6.0.0. | ||||
| CVE-2025-49447 | 2 Fastw3b, Wordpress | 2 Fw Food Menu Plugin, Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu fw-food-menu allows Using Malicious Files.This issue affects FW Food Menu : from n/a through <= 6.0.0. | ||||
| CVE-2025-49446 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery.This issue affects Admin Notes: from n/a through <= 1.1. | ||||
| CVE-2025-49444 | 2 Merkulove, Wordpress | 2 Reformer For Elementor, Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through <= 1.0.5. | ||||
| CVE-2025-49443 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris McCoy Bacon Ipsum bacon-ipsum allows Stored XSS.This issue affects Bacon Ipsum: from n/a through <= 2.4. | ||||
| CVE-2025-49442 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mostafa Shahiri Simple Nested Menu simple-nested-menu allows Stored XSS.This issue affects Simple Nested Menu: from n/a through <= 1.0. | ||||
| CVE-2025-49439 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV atelier-create-cv allows Cross Site Request Forgery.This issue affects Atelier Create CV: from n/a through <= 1.1.5. | ||||
| CVE-2025-49438 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Max Chirkov Talemy talemy allows PHP Local File Inclusion.This issue affects Talemy: from n/a through <= 1.2.23. | ||||
| CVE-2025-49436 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue affects Anotte: from n/a through <= 1.8. | ||||
| CVE-2025-49434 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2. | ||||
| CVE-2025-49432 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through <= 10.1. | ||||
| CVE-2025-49430 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery.This issue affects Ultimate Video Player: from n/a through <= 10.1. | ||||
| CVE-2025-49429 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n/a through <= 0.1.1. | ||||
| CVE-2025-49428 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dourou Spirit Framework spirit-framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through <= 1.2.13. | ||||