Export limit exceeded: 347095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25983 | 1 Logon | 1 Kb Support | 2026-04-28 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | ||||
| CVE-2023-25965 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.9 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0. | ||||
| CVE-2023-25970 | 1 Zendrop | 1 Zendrop | 2026-04-28 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
| CVE-2023-25960 | 1 Zendrop | 1 Zendrop | 2026-04-28 | 10 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
| CVE-2023-25785 | 2026-04-28 | 5.3 Medium | ||
| Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. | ||||
| CVE-2023-25790 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-28 | 5.3 Medium |
| Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. | ||||
| CVE-2023-25715 | 1 Gamipress | 1 Gamipress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | ||||
| CVE-2023-25699 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2026-04-28 | 9 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. | ||||
| CVE-2023-25466 | 1 Mahlamusa | 1 Who Hit The Page - Hit Counter | 2026-04-28 | 5.8 Medium |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions. | ||||
| CVE-2023-25457 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1. | ||||
| CVE-2023-25057 | 1 Libsyn | 1 Libsyn Publisher Hub | 2026-04-28 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2. | ||||
| CVE-2023-25054 | 1 Carrcommunications | 1 Rsvpmaker | 2026-04-28 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. | ||||
| CVE-2023-25045 | 1 Carrcommunications | 1 Rsvpmaker | 2026-04-28 | 6.7 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | ||||
| CVE-2023-25043 | 1 Supsystic | 1 Data Tables Generator | 2026-04-28 | 4.3 Medium |
| Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25. | ||||
| CVE-2023-25030 | 1 Buymeacoffee | 1 Buy Me A Coffee | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. | ||||
| CVE-2023-25039 | 2 Codepeople, Wordpress | 2 Google Maps Cp, Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43. | ||||
| CVE-2023-2487 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2026-04-28 | 5.9 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | ||||
| CVE-2023-24410 | 1 Fluentforms | 1 Contact Form | 2026-04-28 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25. | ||||
| CVE-2023-24403 | 1 Wpforthewin | 1 Bbpress Voting | 2026-04-28 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions. | ||||
| CVE-2023-24388 | 1 Wpdevart | 1 Booking Calendar | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). | ||||