Export limit exceeded: 341807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341807 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64199 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through <= 5.3.2. | ||||
| CVE-2025-64198 | 2 Appscreo, Wordpress | 2 Easy Social Share Buttons, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through < 10.7.1. | ||||
| CVE-2025-64197 | 2 Sizam Design, Wordpress | 2 Rehub, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1. | ||||
| CVE-2025-64196 | 3 Booster, Pluggabl, Wordpress | 3 Booster For Woocommerce, Booster For Woocommerce, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5. | ||||
| CVE-2025-64195 | 2 Thimpress, Wordpress | 2 Eduma, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue affects Eduma: from n/a through <= 5.7.6. | ||||
| CVE-2025-64194 | 2 Thimpress, Wordpress | 2 Eduma, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through <= 5.7.6. | ||||
| CVE-2025-64193 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through < 9.6.1. | ||||
| CVE-2025-64192 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-01 | 6.3 Medium |
| Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6. | ||||
| CVE-2025-64191 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through < 9.6.1. | ||||
| CVE-2025-64189 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6. | ||||
| CVE-2025-64188 | 2 Pencidesign, Wordpress | 2 Soledad, Wordpress | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9. | ||||
| CVE-2025-6327 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2026-04-01 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36. | ||||
| CVE-2025-6326 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through <= 1.18.0. | ||||
| CVE-2026-5007 | 1 Kazuph | 1 Mcp-docs-rag | 2026-04-01 | 5.3 Medium |
| A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2025-6325 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36. | ||||
| CVE-2025-6324 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through <= 2.0.9. | ||||
| CVE-2025-63076 | 2 Dream-theme, Wordpress | 2 The7, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through <= 2.7.11. | ||||
| CVE-2025-63072 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS.This issue affects Cornerstone: from n/a through <= 7.7.3. | ||||
| CVE-2025-63070 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2026-04-01 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32. | ||||
| CVE-2025-63069 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through <= 5.5.12. | ||||