Export limit exceeded: 347190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347190 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24683 | 2026-04-28 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill RSVP and Event Management rsvp allows SQL Injection.This issue affects RSVP and Event Management: from n/a through <= 2.7.14. | ||||
| CVE-2025-24625 | 2026-04-28 | 4.3 Medium | ||
| Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through <= 5.1. | ||||
| CVE-2025-23772 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petulla’ imaGenius imagenius allows Stored XSS.This issue affects imaGenius: from n/a through <= 1.7. | ||||
| CVE-2025-22794 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through <= 1.9.8. | ||||
| CVE-2024-56236 | 2026-04-28 | 4.3 Medium | ||
| Missing Authorization vulnerability in Juni Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through <= 2.4.0. | ||||
| CVE-2024-56026 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg – SiteOrigin Simple Proxy simple-proxy allows Reflected XSS.This issue affects Simple Proxy: from n/a through <= 1.0. | ||||
| CVE-2024-54259 | 2026-04-28 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Path Traversal.This issue affects DELUCKS SEO: from n/a through <= 2.7.0. | ||||
| CVE-2024-53745 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 cosmosfarm-share-buttons allows Stored XSS.This issue affects 소셜 공유 버튼 By 코스모스팜: from n/a through <= 1.9. | ||||
| CVE-2024-52474 | 1 Trilncom Llc | 1 Express Payments Module | 2026-04-28 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through <= 1.1.8. | ||||
| CVE-2024-51901 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wojciechborowicz Smooth Maps colour-smooth-maps allows Stored XSS.This issue affects Smooth Maps: from n/a through <= 1.1. | ||||
| CVE-2024-51808 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pat O’Brien codeSnips codesnips allows Stored XSS.This issue affects codeSnips: from n/a through <= 1.2. | ||||
| CVE-2024-51802 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bread & Butter Bread & Butter bread-butter allows DOM-Based XSS.This issue affects Bread & Butter: from n/a through <= 7.4.857. | ||||
| CVE-2024-5059 | 1 Awplife | 1 Event Monster | 2026-04-28 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0. | ||||
| CVE-2024-49280 | 2026-04-28 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbox-gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through <= 1.10.6. | ||||
| CVE-2024-4744 | 2 Avirtum, Ipages Flipbook Project | 2 Ipages Flipbook, Ipages Flipbook | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through 1.5.1. | ||||
| CVE-2024-4747 | 1 Propovoice | 1 Propovoice Crm | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Propovoice Propovoice CRM allows Stored XSS.This issue affects Propovoice CRM: from n/a through 1.7.6.2. | ||||
| CVE-2024-4745 | 1 Seedprod | 1 Rafflepress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4. | ||||
| CVE-2024-4606 | 1 Bdthemes | 1 Utlimate Store Kit Elementor Addons | 2026-04-28 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.3. | ||||
| CVE-2024-4433 | 2026-04-28 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored XSS.This issue affects Simple Image Popup: from n/a through 2.4.0. | ||||
| CVE-2024-43316 | 1 Checkoutplugins | 1 Stripe Payments For Woocommerce | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1. | ||||