Export limit exceeded: 347147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347147 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50053 | 3 Google, Nebelhorn, Wordpress | 3 Android, Blappsta Mobile App Plugin, Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS.This issue affects Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App: from n/a through <= 0.8.8.8. | ||||
| CVE-2025-50034 | 2026-04-28 | 6.5 Medium | ||
| Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through <= 1.4.1. | ||||
| CVE-2025-50032 | 2026-04-28 | 6.5 Medium | ||
| Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce paytiko allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paytiko for WooCommerce: from n/a through <= 1.3.21. | ||||
| CVE-2025-50026 | 2026-04-28 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki spoki allows Stored XSS.This issue affects Spoki: from n/a through <= 2.17.0. | ||||
| CVE-2025-50008 | 2026-04-28 | 5.4 Medium | ||
| Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through <= 1.2.4.5. | ||||
| CVE-2025-49982 | 2026-04-28 | 4.3 Medium | ||
| Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: from n/a through <= 8.3.4. | ||||
| CVE-2025-49977 | 2026-04-28 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Cross Site Request Forgery.This issue affects WP Inventory Manager: from n/a through <= 2.3.4. | ||||
| CVE-2025-49957 | 2 Weboccult Technologies, Wordpress | 2 Email Attachment By Order Status And Products, Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status & Products: from n/a through <= 1.0.1. | ||||
| CVE-2025-49902 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page, Custom Design: from n/a through <= 2.1.1. | ||||
| CVE-2025-49509 | 2026-04-28 | 5.3 Medium | ||
| Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1. | ||||
| CVE-2025-49451 | 2026-04-28 | 7.5 High | ||
| Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through <= 1.0.13. | ||||
| CVE-2025-49351 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through <= 1.3.1. | ||||
| CVE-2025-49352 | 3 Woocommerce, Wordpress, Yoohw Studio | 3 Woocommerce, Wordpress, Order Cancellation & Returns For Woocommerce | 2026-04-28 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through <= 1.1.11. | ||||
| CVE-2025-49340 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through <= 1.3.2. | ||||
| CVE-2025-49334 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through <= 1.7.1. | ||||
| CVE-2025-49339 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through <= 1.3.2. | ||||
| CVE-2025-49048 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-recording allows Stored XSS.This issue affects Inspectlet – User Session Recording and Heatmaps: from n/a through <= 2.0. | ||||
| CVE-2025-48358 | 2026-04-28 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce risk-free-cash-on-delivery-cod-woocommerce allows Stored XSS.This issue affects Risk Free Cash On Delivery (COD) – WooCommerce: from n/a through <= 1.0.4. | ||||
| CVE-2025-48350 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AutoWP: from n/a through <= 2.2.7. | ||||
| CVE-2025-48346 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embed and Integrate Etsy Shop: from n/a through <= 1.0.8. | ||||