Export limit exceeded: 346313 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346313 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28940 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top backtotop allows Cross Site Request Forgery.This issue affects Back To Top: from n/a through <= 2.0. | ||||
| CVE-2025-28939 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection.This issue affects WP Google Calendar Manager: from n/a through <= 2.1. | ||||
| CVE-2025-28938 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through <= 2.5.3. | ||||
| CVE-2025-28937 | 2026-04-23 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS.This issue affects Lava Ajax Search: from n/a through <= 1.1.9. | ||||
| CVE-2025-28936 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar lunar-sell-photos-online allows Stored XSS.This issue affects Lunar: from n/a through <= 1.3.0. | ||||
| CVE-2025-28935 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Fancybox Plus fancybox-plus allows Reflected XSS.This issue affects Fancybox Plus: from n/a through <= 1.0.1. | ||||
| CVE-2025-28934 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaozh Simple Post Series simple-post-series allows Reflected XSS.This issue affects Simple Post Series: from n/a through <= 2.4.4. | ||||
| CVE-2025-28933 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B maxab allows Stored XSS.This issue affects MaxA/B: from n/a through <= 2.2.2. | ||||
| CVE-2025-28932 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through <= 2.4. | ||||
| CVE-2025-28931 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS.This issue affects Hashtags: from n/a through <= 0.3.2. | ||||
| CVE-2025-28930 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud list-mixcloud allows Stored XSS.This issue affects List Mixcloud: from n/a through <= 1.4. | ||||
| CVE-2025-28929 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget tabbed-login allows Stored XSS.This issue affects Tabbed Login Widget: from n/a through <= 1.1.2. | ||||
| CVE-2025-28928 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress are-you-robot-recaptcha allows Reflected XSS.This issue affects Are you robot google recaptcha for wordpress: from n/a through <= 2.2. | ||||
| CVE-2026-41242 | 2 Protobuf, Protobufjs Project | 2 Protobuf, Protobufjs | 2026-04-23 | 9.8 Critical |
| protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue. | ||||
| CVE-2025-28927 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name display-template-name allows Cross Site Request Forgery.This issue affects Display Template Name: from n/a through <= 1.7.1. | ||||
| CVE-2025-28926 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time post-read-time allows Stored XSS.This issue affects Post Read Time: from n/a through <= 1.2.6. | ||||
| CVE-2025-28925 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification wati-chat-and-notification allows Stored XSS.This issue affects WATI Chat and Notification: from n/a through <= 1.1.2. | ||||
| CVE-2025-28924 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through <= 1.8. | ||||
| CVE-2025-28923 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email no-disposable-email allows Stored XSS.This issue affects No Disposable Email: from n/a through <= 2.5.1. | ||||
| CVE-2025-28922 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS.This issue affects Go To Top: from n/a through <= 0.0.8. | ||||