Export limit exceeded: 78998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31387 | 2 Instawp, Wordpress | 2 Instawp Connect, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect instawp-connect allows PHP Local File Inclusion.This issue affects InstaWP Connect: from n/a through <= 0.1.0.82. | ||||
| CVE-2025-31385 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS.This issue affects Site Table of Contents: from n/a through <= 0.3. | ||||
| CVE-2025-31384 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos videos allows Reflected XSS.This issue affects Videos: from n/a through <= 1.0.5. | ||||
| CVE-2025-31383 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in sodena FrescoChat Live Chat flexytalk-widget allows Stored XSS.This issue affects FrescoChat Live Chat: from n/a through <= 3.2.6. | ||||
| CVE-2025-31382 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field language-field allows Stored XSS.This issue affects Language Field: from n/a through <= 0.9. | ||||
| CVE-2025-31379 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS.This issue affects Insert HTML Here: from n/a through <= 1.0. | ||||
| CVE-2025-31378 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS.This issue affects Oppso Unit Converter: from n/a through <= 1.1.1. | ||||
| CVE-2025-31377 | 2026-04-23 | 7.5 High | ||
| Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Product Feed For Marketing Channels: from n/a through <= 1.9.0. | ||||
| CVE-2025-31375 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled scheduled allows Stored XSS.This issue affects Scheduled: from n/a through <= 1.0. | ||||
| CVE-2025-31102 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.5. | ||||
| CVE-2025-31099 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestweblayout Slider by BestWebSoft slider-bws allows SQL Injection.This issue affects Slider by BestWebSoft: from n/a through <= 1.1.0. | ||||
| CVE-2025-31098 | 2026-04-23 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows PHP Local File Inclusion.This issue affects DeBounce Email Validator: from n/a through <= 5.7. | ||||
| CVE-2025-31097 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion.This issue affects Material Dashboard: from n/a through <= 1.4.5. | ||||
| CVE-2025-31089 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection.This issue affects Order Splitter for WooCommerce: from n/a through <= 5.3.0. | ||||
| CVE-2025-31086 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS.This issue affects Product Table by WBW: from n/a through <= 2.1.4. | ||||
| CVE-2025-31085 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows Reflected XSS.This issue affects xili-language: from n/a through <= 2.21.2. | ||||
| CVE-2025-31082 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion.This issue affects News & Blog Designer Pack: from n/a through <= 4.0. | ||||
| CVE-2025-31081 | 2 Shortpixel, Wordpress | 2 Enable Media Replace, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through <= 4.1.5. | ||||
| CVE-2025-31080 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.1. | ||||
| CVE-2025-31078 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.18. | ||||