Export limit exceeded: 11767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11767 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52484 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deepintowp Wc Recently viewed products wc-recently-viewed-products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through <= 1.0.1. | ||||
| CVE-2025-26872 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | ||||
| CVE-2025-48303 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter post-type-converter allows Cross Site Request Forgery.This issue affects Post Type Converter: from n/a through <= 0.6. | ||||
| CVE-2025-23718 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mancx Mancx AskMe Widget mancx-askme-widget allows Reflected XSS.This issue affects Mancx AskMe Widget: from n/a through <= 0.3. | ||||
| CVE-2024-56004 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in awfowler Easy Site Importer easy-site-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through <= 1.0.1. | ||||
| CVE-2024-56030 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carver Lab 10CentMail 10centmail-subscription-management-and-analytics allows Reflected XSS.This issue affects 10CentMail: from n/a through <= 2.1.50. | ||||
| CVE-2025-58865 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery.This issue affects Compact Admin: from n/a through <= 1.3.3. | ||||
| CVE-2024-56231 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing saaspricing allows DOM-Based XSS.This issue affects SaasPricing: from n/a through <= 1.2.4. | ||||
| CVE-2025-31834 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8. | ||||
| CVE-2025-39506 | 2 Nasatheme, Wordpress | 2 Nasa Core, Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through <= 6.3.2. | ||||
| CVE-2025-48318 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery.This issue affects 多说社会化评论框: from n/a through <= 1.2. | ||||
| CVE-2025-53329 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 spolecznosciowa-6-pl-2013 allows Stored XSS.This issue affects Społecznościowa 6 PL 2013: from n/a through <= 2.0.6. | ||||
| CVE-2025-23540 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Khan WP Front-end login and register wp-front-end-login-and-register allows Reflected XSS.This issue affects WP Front-end login and register: from n/a through <= 2.1.0. | ||||
| CVE-2025-49876 | 2 Metagauss, Wordpress | 2 Profilegrid, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2. | ||||
| CVE-2024-12575 | 2 Ays-pro, Wordpress | 2 Poll Maker, Wordpress | 2026-04-15 | 5.3 Medium |
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response. | ||||
| CVE-2025-69363 | 2 Cyberchimps, Wordpress | 2 Responsive Addons For Elementor, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8. | ||||
| CVE-2025-53274 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.6. | ||||
| CVE-2025-58018 | 2 Richard Leishman, Wordpress | 2 Mail Subscribe List, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Leishman Mail Subscribe List mail-subscribe-list allows Stored XSS.This issue affects Mail Subscribe List: from n/a through <= 2.1.10. | ||||
| CVE-2023-23872 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal.This issue affects GMAce: from n/a through 1.5.2. | ||||
| CVE-2023-23988 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11. | ||||