Export limit exceeded: 346245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346245 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54022 | 2026-04-23 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Cross Site Request Forgery.This issue affects Coupon Affiliates: from n/a through <= 6.4.0. | ||||
| CVE-2025-54021 | 2026-04-23 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through <= 6.1.14. | ||||
| CVE-2025-54020 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through <= 0.6.3. | ||||
| CVE-2025-54019 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through < 7.8.5. | ||||
| CVE-2025-54018 | 2 Creativemindssolutions, Wordpress | 2 Cm Pop-up Banners, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Pop-Up banners: from n/a through <= 1.8.4. | ||||
| CVE-2025-54017 | 2 Cozmoslabs, Wordpress | 2 Paid Member Subscriptions, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.4. | ||||
| CVE-2025-54016 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack video-embed-thumbnail-generator allows DOM-Based XSS.This issue affects Videopack: from n/a through <= 4.10.3. | ||||
| CVE-2025-54015 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.6 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows PHP Local File Inclusion.This issue affects HT Contact Form 7: from n/a through <= 2.0.0. | ||||
| CVE-2025-54014 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection.This issue affects MediCenter - Health Medical Clinic: from n/a through <= 15.1. | ||||
| CVE-2025-54013 | 2026-04-23 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Stored XSS.This issue affects Welcart e-Commerce: from n/a through <= 2.11.16. | ||||
| CVE-2025-54012 | 2 Welcart, Wordpress | 2 E-commerce, Wordpress | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection.This issue affects Welcart e-Commerce: from n/a through <= 2.11.16. | ||||
| CVE-2025-54011 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in SMTP2GO SMTP2GO smtp2go allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMTP2GO: from n/a through <= 1.12.1. | ||||
| CVE-2025-54010 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery.This issue affects FluentSnippets: from n/a through <= 10.50. | ||||
| CVE-2025-54009 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Stored XSS.This issue affects JetSmartFilters: from n/a through <= 3.6.8. | ||||
| CVE-2025-54007 | 2026-04-23 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Object Injection.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.11. | ||||
| CVE-2025-54006 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.4.1. | ||||
| CVE-2025-54005 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9. | ||||
| CVE-2025-54004 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 2.7 Low |
| Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24. | ||||
| CVE-2025-54003 | 2 Mikado-themes, Wordpress | 2 Depot, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16. | ||||
| CVE-2025-54002 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4. | ||||