Export limit exceeded: 10471 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10471 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62016 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0. | ||||
| CVE-2025-62015 | 3 Josh Kohlbach, Woocommerce, Wordpress | 4 Advanced Coupons For Woocommerce Coupons, Woocommerce, Woocommerce Smart Coupons and 1 more | 2026-01-20 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8. | ||||
| CVE-2025-62014 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok.This issue affects ITok: from n/a through <= 1.1.42. | ||||
| CVE-2025-62013 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0. | ||||
| CVE-2025-62012 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5. | ||||
| CVE-2025-62011 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem thegem.This issue affects TheGem: from n/a through <= 5.10.5. | ||||
| CVE-2025-62010 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Famita famita allows PHP Local File Inclusion.This issue affects Famita: from n/a through <= 1.54. | ||||
| CVE-2025-62009 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2. | ||||
| CVE-2025-62008 | 3 Acowebs, Woocommerce, Wordpress | 3 Product Labels For Woocommerce, Woocommerce, Wordpress | 2026-01-20 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | ||||
| CVE-2025-62007 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3. | ||||
| CVE-2025-62006 | 2 Veronalabs, Wordpress | 2 Wp Sms, Wordpress | 2026-01-20 | 5.4 Medium |
| Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1. | ||||
| CVE-2025-62005 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Sumomemberships, Woocommerce, Wordpress | 2026-01-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0. | ||||
| CVE-2025-60248 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Product Bundles For Woocommerce | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through <= 1.8.6. | ||||
| CVE-2025-60247 | 3 Bux, Woocommerce, Wordpress | 3 Bux Woocommerce, Woocommerce, Wordpress | 2026-01-20 | 6.5 Medium |
| Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3. | ||||
| CVE-2025-60246 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through <= 1.0. | ||||
| CVE-2025-60245 | 2 Wordpress, Wpusermanager | 2 Wordpress, Wp User Manager | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12. | ||||
| CVE-2025-60244 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through <= 1.0.4.2. | ||||
| CVE-2025-60243 | 3 Holest Engineering, Woocommerce, Wordpress | 3 Selling Commander For Woocommerce, Woocommerce, Wordpress | 2026-01-20 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46. | ||||
| CVE-2025-60242 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through <= 1.4. | ||||
| CVE-2025-60241 | 2 Premmerce, Wordpress | 2 Premmerce, Wordpress | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19. | ||||