Export limit exceeded: 346260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52746 | 2 Ayecode, Wordpress | 2 Restaurante, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a through <= 3.0.7. | ||||
| CVE-2025-52744 | 2 Inpersttion, Wordpress | 2 Inpersttion For Theme, Wordpress | 2026-04-23 | 7.7 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0. | ||||
| CVE-2025-52739 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala sala allows Reflected XSS.This issue affects Sala: from n/a through <= 1.1.3. | ||||
| CVE-2025-52738 | 2 Mediawiki, Wordpress | 2 Wikipedia Preview, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0. | ||||
| CVE-2025-52735 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.24.0. | ||||
| CVE-2025-52734 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through <= 1.2.1. | ||||
| CVE-2025-52733 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anonform Ab ANON::form embedded secure form anonform-embedded-secure-form allows DOM-Based XSS.This issue affects ANON::form embedded secure form: from n/a through <= 1.7. | ||||
| CVE-2025-52732 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 GMap Targeting gmap-targeting allows PHP Local File Inclusion.This issue affects GMap Targeting: from n/a through <= 1.1.6. | ||||
| CVE-2025-52731 | 2 Themefunction, Wordpress | 2 Wordpress Event Manager Event Calendar And Booking Plugin, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through <= 4.0.24. | ||||
| CVE-2025-52730 | 2 Themefunction, Wordpress | 2 Wordpress Event Manager Event Calendar And Booking Plugin, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through <= 4.0.24. | ||||
| CVE-2025-52729 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.9. | ||||
| CVE-2025-52728 | 2 Webcodingplace, Wordpress | 2 Responsive Posts Carousel Plugin, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.0. | ||||
| CVE-2025-52727 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables css3_vertical_web_pricing_tables allows Reflected XSS.This issue affects CSS3 Vertical Web Pricing Tables: from n/a through <= 1.9. | ||||
| CVE-2025-52726 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.6 High |
| Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0. | ||||
| CVE-2025-52725 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection.This issue affects CouponXxL: from n/a through <= 3.0.0. | ||||
| CVE-2025-52724 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through <= 1.2.0. | ||||
| CVE-2025-52723 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue affects Networker: from n/a through <= 1.2.0. | ||||
| CVE-2025-52722 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera classiera allows SQL Injection.This issue affects Classiera: from n/a through <= 4.0.34. | ||||
| CVE-2025-52721 | 2 Lcweb, Wordpress | 2 Global Gallery, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in LCweb Global Gallery global-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Global Gallery: from n/a through <= 9.2.3. | ||||
| CVE-2025-52720 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.5. | ||||