Export limit exceeded: 334784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334784 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58270 | 2 Nix Solutions, Wordpress | 2 Nix Anti-spam Light, Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Cross Site Request Forgery. This issue affects NIX Anti-Spam Light: from n/a through 0.0.4. | ||||
| CVE-2025-58269 | 2 Wedevs, Wordpress | 2 Wp Project Manager, Wordpress | 2025-09-23 | 5.3 Medium |
| Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through 2.6.25. | ||||
| CVE-2025-58268 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator allows Stored XSS. This issue affects WPMK PDF Generator: from n/a through 1.0.1. | ||||
| CVE-2025-58267 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message allows Stored XSS. This issue affects Stock Message: from n/a through 1.1.0. | ||||
| CVE-2025-58266 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fumiki Takahashi Gianism allows Stored XSS. This issue affects Gianism: from n/a through 5.2.2. | ||||
| CVE-2025-58258 | 2 Thedevoice, Wordpress | 2 Lazy Blocks, Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in nK Lazy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through 4.1.0. | ||||
| CVE-2025-58257 | 2 Picture-planet, Wordpress | 2 Verowa Connect, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect allows Stored XSS. This issue affects Verowa Connect: from n/a through 3.2.3. | ||||
| CVE-2025-58256 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Brinley DOAJ Export allows Stored XSS. This issue affects DOAJ Export: from n/a through 1.0.4. | ||||
| CVE-2025-58255 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code Injection. This issue affects Custom Post Type Images: from n/a through 0.5. | ||||
| CVE-2025-58254 | 3 Dtbaker, Elementor, Wordpress | 3 Stylepress, Elementor, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dtbaker StylePress for Elementor allows Stored XSS. This issue affects StylePress for Elementor: from n/a through 1.2.1. | ||||
| CVE-2025-58253 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rameez Iqbal Real Estate Manager allows DOM-Based XSS. This issue affects Real Estate Manager: from n/a through 7.3. | ||||
| CVE-2025-58252 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through 2.1.2. | ||||
| CVE-2024-41794 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2025-09-23 | 10 Critical |
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793). | ||||
| CVE-2025-58251 | 3 Elementor, Posimyth, Wordpress | 3 Elementor, Sticky Header Effects, Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header Effects for Elementor: from n/a through 2.1.2. | ||||
| CVE-2025-58250 | 2 Apustheme, Wordpress | 2 Findgo, Wordpress | 2025-09-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Authentication Bypass. This issue affects Findgo: from n/a through 1.3.55. | ||||
| CVE-2025-58249 | 2 Themeum, Wordpress | 2 Qubely, Wordpress | 2025-09-23 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through 1.8.14. | ||||
| CVE-2025-58248 | 2 Codefish, Wordpress | 2 Pinterest Pinboard Widget, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codefish Pinterest Pinboard Widget allows Stored XSS. This issue affects Pinterest Pinboard Widget: from n/a through 1.0.7. | ||||
| CVE-2025-58247 | 2 Templateinvaders, Wordpress | 2 Ti Woocommerce Wishlist, Wordpress | 2025-09-23 | 5.3 Medium |
| Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. | ||||
| CVE-2025-58245 | 2 Bestweblayout, Wordpress | 2 Portfolio, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58. | ||||
| CVE-2025-58244 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9. | ||||