Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49073 | 2 Axiomthemes, Wordpress | 2 Sweet Dessert, Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection.This issue affects Sweet Dessert: from n/a through < 1.1.13. | ||||
| CVE-2025-49072 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy mr-murphy allows Object Injection.This issue affects Mr. Murphy: from n/a through < 1.2.12.1. | ||||
| CVE-2025-49071 | 2 Nasatheme, Wordpress | 2 Flozen, Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server.This issue affects Flozen: from n/a through < 1.5.1. | ||||
| CVE-2025-49070 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1. | ||||
| CVE-2025-49066 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through <= 1.2. | ||||
| CVE-2025-49065 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through <= 1.0. | ||||
| CVE-2025-49064 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through <= 1.6.10. | ||||
| CVE-2025-49063 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS.This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6. | ||||
| CVE-2025-49062 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS.This issue affects WP-jScrollPane: from n/a through <= 2.0.3. | ||||
| CVE-2025-49061 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed porn-videos-embed allows Stored XSS.This issue affects Porn Videos Embed: from n/a through <= 0.9.1. | ||||
| CVE-2025-49059 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.20. | ||||
| CVE-2025-49058 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search soundst-seo-search allows Reflected XSS.This issue affects SoundSt SEO Search: from n/a through <= 1.2.3. | ||||
| CVE-2025-49057 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through <= 1.8. | ||||
| CVE-2025-49056 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS.This issue affects 多说社会化评论框: from n/a through <= 1.2. | ||||
| CVE-2025-49055 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. | ||||
| CVE-2025-49054 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS.This issue affects Time Sheets: from n/a through <= 2.1.3. | ||||
| CVE-2025-49053 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager airdrop allows Stored XSS.This issue affects WP Airdrop Manager: from n/a through <= 1.0.5. | ||||
| CVE-2025-49052 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netease Music: from n/a through <= 3.2.1. | ||||
| CVE-2025-49051 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode hide-text-shortcode allows Stored XSS.This issue affects Hide Text Shortcode: from n/a through <= 1.1. | ||||
| CVE-2025-49050 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. | ||||