Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49414 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0. | ||||
| CVE-2025-49413 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6. | ||||
| CVE-2025-49412 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition page-transition allows Stored XSS.This issue affects Page Transition: from n/a through <= 1.3. | ||||
| CVE-2025-49411 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma FAQ Revolution - WordPress Plugin faq-revo allows Reflected XSS.This issue affects FAQ Revolution - WordPress Plugin: from n/a through <= 1.5.0. | ||||
| CVE-2025-49410 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Imran Emu Portfolio Manager Pro otw-portfolio-manager allows Upload a Web Shell to a Web Server.This issue affects Portfolio Manager Pro: from n/a through 3.8. | ||||
| CVE-2025-49409 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in brewlabs Portfolio Manager Pro otw-portfolio-manager allows Object Injection.This issue affects Portfolio Manager Pro: from n/a through 3.8. | ||||
| CVE-2025-49408 | 2 Templately, Wordpress | 2 Templately, Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification / Restriction for WordPress age-restriction allows Using Malicious Files.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. | ||||
| CVE-2025-49407 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in favethemes Premium SEO Pack premium-seo-pack allows Privilege Escalation.This issue affects Premium SEO Pack: from n/a through <= 3.3.2. | ||||
| CVE-2025-49406 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Premium Age Verification / Restriction for WordPress age-restriction allows Blind SQL Injection.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. | ||||
| CVE-2025-49405 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-23 | 4.3 Medium |
| Path Traversal: '.../...//' vulnerability in Favethemes Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0. | ||||
| CVE-2025-49404 | 2 Purethemes, Wordpress | 2 Listeo, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo Core listeo-core allows SQL Injection.This issue affects Listeo Core: from n/a through < 2.0.7. | ||||
| CVE-2025-49402 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3. | ||||
| CVE-2025-49401 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. | ||||
| CVE-2025-49400 | 2026-04-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in osama.esh PressApps Knowledge Base Contextual Sidebar Addon pressapps-knowledge-base allows Object Injection.This issue affects PressApps Knowledge Base Contextual Sidebar Addon: from n/a through <= 4.2.1. | ||||
| CVE-2025-49399 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3. | ||||
| CVE-2025-49398 | 2 Easy-appointments, Wordpress | 2 Easy Appointments, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14. | ||||
| CVE-2025-49397 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox wp-colorbox allows Stored XSS.This issue affects Colorbox Lightbox: from n/a through <= 1.1.5. | ||||
| CVE-2025-49396 | 2 Themify, Wordpress | 2 Themify Builder, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through <= 7.6.7. | ||||
| CVE-2025-49395 | 2 Themify, Wordpress | 2 Icons, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons themify-icons allows Stored XSS.This issue affects Themify Icons: from n/a through <= 2.0.3. | ||||
| CVE-2025-49394 | 2 Bplugins, Wordpress | 2 Image Gallery Block, Wordpress | 2026-04-23 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a through <= 1.0.7. | ||||