Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341810 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54689 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.7. | ||||
| CVE-2025-54688 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.1.2. | ||||
| CVE-2025-54687 | 2 Crocoblock, Wordpress | 2 Jettabs, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.9.1. | ||||
| CVE-2025-54686 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection.This issue affects Exertio: from n/a through <= 1.3.2. | ||||
| CVE-2025-54685 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash suredash allows Retrieve Embedded Sensitive Data.This issue affects SureDash: from n/a through <= 1.1.0. | ||||
| CVE-2025-54684 | 2 Crmperks, Wordpress | 2 Integration For Contact Form 7 And Constant Contact, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact cf7-constant-contact allows Stored XSS.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through <= 1.1.7. | ||||
| CVE-2025-54683 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS.This issue affects WP Modal Popup with Cookie Integration: from n/a through <= 2.4. | ||||
| CVE-2025-54682 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4. | ||||
| CVE-2025-54681 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Phishing.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4. | ||||
| CVE-2025-54680 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Blogger Buzz blogger-buzz allows Stored XSS.This issue affects Blogger Buzz: from n/a through <= 1.2.6. | ||||
| CVE-2025-54679 | 2 Vertim, Wordpress | 2 Neon Channel Product Customizer Free, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through <= 2.0. | ||||
| CVE-2025-54678 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through <= 3.8.15. | ||||
| CVE-2025-54677 | 2 Vcita, Wordpress | 3 Online Booking & Scheduling Calendar For Wordpress By Vcita, Online Booking \& Scheduling Calendar, Wordpress | 2026-04-01 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Using Malicious Files.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.3. | ||||
| CVE-2025-54676 | 2 Vcita, Wordpress | 3 Online Booking & Scheduling Calendar For Wordpress By Vcita, Online Booking \& Scheduling Calendar, Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.3. | ||||
| CVE-2025-54675 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Compare | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0. | ||||
| CVE-2025-54674 | 3 Product Configurator For Woocommerce Project, Woocommerce, Wordpress | 3 Product Configurator For Woocommerce, Woocommerce, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through <= 1.4.4. | ||||
| CVE-2025-54673 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3. | ||||
| CVE-2025-54672 | 2 Jordy Meow, Wordpress | 2 Photo Engine, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through <= 6.4.3. | ||||
| CVE-2025-54671 | 2 Bobbingwide, Wordpress | 2 Oik, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik oik allows Cross Site Request Forgery.This issue affects oik: from n/a through <= 4.15.2. | ||||
| CVE-2025-54670 | 2 Bobbingwide, Wordpress | 2 Oik, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= 4.15.2. | ||||