Export limit exceeded: 346314 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346314 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68834 | 2 Saiful Islam, Wordpress | 2 Sync Master Sheet – Product Sync With Google Sheet For Woocommerce, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3. | ||||
| CVE-2025-68608 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9. | ||||
| CVE-2025-68607 | 2 Hiroaki Miyashita, Wordpress | 2 Custom Field Template, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through <= 2.7.7. | ||||
| CVE-2025-68606 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-04-23 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. | ||||
| CVE-2025-68605 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23. | ||||
| CVE-2025-68603 | 2 Marketing Fire, Wordpress | 2 Editorial Calendar, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8. | ||||
| CVE-2025-68602 | 2 Scott Paterson, Wordpress | 2 Accept Donations With Paypal, Wordpress | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal & Stripe: from n/a through <= 1.5.2. | ||||
| CVE-2025-68601 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-04-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8. | ||||
| CVE-2025-68600 | 2 Wordpress, Ylefebvre | 2 Wordpress, Link Library | 2026-04-23 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.7. | ||||
| CVE-2025-68599 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.4. | ||||
| CVE-2025-68598 | 2 Livecomposer, Wordpress | 2 Page Builder: Live Composer, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.1.13. | ||||
| CVE-2025-68597 | 2 Blueglass, Wordpress | 2 Jobs For Wordpress, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through <= 2.8.1. | ||||
| CVE-2025-68596 | 2 Bitapps, Wordpress | 2 Bit Assist, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11. | ||||
| CVE-2025-68595 | 2 Trustindex, Wordpress | 2 Widgets For Social Photo Feed, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8. | ||||
| CVE-2025-68594 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.0. | ||||
| CVE-2025-68593 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1. | ||||
| CVE-2025-68592 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1. | ||||
| CVE-2025-68591 | 2 Mitchell Bennis, Wordpress | 2 Simple File List, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18. | ||||
| CVE-2025-68590 | 2 Crm Perks, Wordpress | 2 Integration For Contact Form 7 Hubspot, Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2. | ||||
| CVE-2024-2374 | 1 Wso2 | 10 Api Manager, Identity Server, Identity Server As Key Manager and 7 more | 2026-04-23 | 7.5 High |
| The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources. | ||||