Export limit exceeded: 344866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13215 | 2 Averta, Wordpress | 2 Shortcodes And Extra Features For Phlox Theme, Wordpress | 2026-04-15 | 5.3 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract titles of draft posts that they should not have access to. | ||||
| CVE-2025-39410 | 2026-04-15 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8. | ||||
| CVE-2025-39411 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Indie_Plugins WhatsApp Click to Chat Plugin for WordPress wpt-whatsapp.This issue affects WhatsApp Click to Chat Plugin for WordPress: from n/a through <= 2.2.12. | ||||
| CVE-2025-39431 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin amazon-showcase-wordpress-widget allows Stored XSS.This issue affects Amazon Showcase WordPress Plugin: from n/a through <= 2.2. | ||||
| CVE-2025-39414 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper spam-stopper allows Stored XSS.This issue affects spam-stopper: from n/a through <= 3.1.3. | ||||
| CVE-2025-39415 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links social-media-links allows Stored XSS.This issue affects Social Media Links: from n/a through <= 1.0.3. | ||||
| CVE-2025-39416 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! translit-it allows Stored XSS.This issue affects translit it!: from n/a through <= 1.6. | ||||
| CVE-2025-39418 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager rss-manager allows Stored XSS.This issue affects RSS Manager: from n/a through <= 0.06. | ||||
| CVE-2025-39419 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet revision-diet allows Stored XSS.This issue affects Revision Diet: from n/a through <= 1.0.1. | ||||
| CVE-2025-39420 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button wp-twitter-button allows Stored XSS.This issue affects WP Twitter Button: from n/a through <= 1.4.1. | ||||
| CVE-2025-39422 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking wp-social-bookmarking allows Stored XSS.This issue affects WP Social Bookmarking: from n/a through <= 3.6. | ||||
| CVE-2025-39423 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header add-to-header allows Stored XSS.This issue affects Add to Header: from n/a through <= 1.0. | ||||
| CVE-2025-39424 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps interactive-maps allows Stored XSS.This issue affects Simple Maps: from n/a through <= 0.98. | ||||
| CVE-2025-39425 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager style-manager allows Cross Site Request Forgery.This issue affects Style Manager: from n/a through <= 2.2.7. | ||||
| CVE-2025-39427 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beth Tucker Long WP Post to PDF Enhanced wp-post-to-pdf-enhanced allows Stored XSS.This issue affects WP Post to PDF Enhanced: from n/a through <= 1.1.1. | ||||
| CVE-2025-39429 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo szechenyi-2020-logo allows PHP Local File Inclusion.This issue affects Széchenyi 2020 Logo: from n/a through <= 1.1. | ||||
| CVE-2025-39437 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize anthologize allows Cross Site Request Forgery.This issue affects Anthologize: from n/a through <= 0.8.3. | ||||
| CVE-2025-39434 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avatar: from n/a through <= 0.1.4. | ||||
| CVE-2025-39435 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia my-marginalia allows Stored XSS.This issue affects My Marginalia: from n/a through <= 1.0.6. | ||||
| CVE-2025-39438 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer theme-changer allows Cross Site Request Forgery.This issue affects Theme Changer: from n/a through <= 1.4. | ||||