Export limit exceeded: 341935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63054 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.2. | ||||
| CVE-2025-63052 | 2 Gallerycreator, Wordpress | 2 Simply Gallery, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.3.2.1. | ||||
| CVE-2025-63033 | 3 Elementor, Riyadh Ahmed, Wordpress | 3 Elementor, Make Section And Column Clickable For Elementor, Wordpress | 2026-04-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a through <= 2.4. | ||||
| CVE-2025-63030 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. | ||||
| CVE-2025-63025 | 2 Wordpress, Xagio | 2 Wordpress, Xagio Seo | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Xagio SEO Xagio SEO xagio-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xagio SEO: from n/a through <= 7.1.0.35. | ||||
| CVE-2025-63023 | 3 Easy Payment, Woocommerce, Wordpress | 3 Payment Gateway For Paypal On Woo Commerce, Woocommerce, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through <= 9.0.53. | ||||
| CVE-2025-63015 | 3 Paysera, Woocommerce, Wordpress | 3 Woocommerce Payment Gateway, Woocommerce, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in paysera WooCommerce Payment Gateway - Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway - Paysera: from n/a through <= 3.10.0. | ||||
| CVE-2025-63012 | 2 Thimpress, Wordpress | 2 Wp Hotel Booking, Wordpress | 2026-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.8. | ||||
| CVE-2025-63011 | 2 Thimpress, Wordpress | 2 Wp Hotel Booking, Wordpress | 2026-04-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through <= 2.2.8. | ||||
| CVE-2025-62999 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.5. | ||||
| CVE-2025-62993 | 2 Rainafarai, Wordpress | 2 Notification For Telegram, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notification for Telegram: from n/a through <= 3.5. | ||||
| CVE-2025-62977 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in 沃之涛 百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n/a through <= 2.1.4. | ||||
| CVE-2025-62971 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through <= 1.4.7. | ||||
| CVE-2025-62970 | 2 Spencer Haws, Wordpress | 2 Link Whisper Free, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through <= 0.9.2. | ||||
| CVE-2025-62969 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through <= 2.23.0. | ||||
| CVE-2025-62967 | 2 Designinvento, Wordpress | 2 Directorypress, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through <= 3.6.25. | ||||
| CVE-2025-62964 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.6. | ||||
| CVE-2025-62963 | 2 Estatik, Wordpress | 2 Estatik, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.3.0. | ||||
| CVE-2025-62959 | 2 Videowhisper, Wordpress | 2 Videowhisper, Wordpress | 2026-04-01 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.23. | ||||
| CVE-2025-62954 | 2 Revive, Wordpress | 2 Revive Old Posts, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through <= 9.3.3. | ||||