Export limit exceeded: 10015 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346629 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69009 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from n/a through <= 1.0.9. | ||||
| CVE-2025-68995 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3. | ||||
| CVE-2025-68994 | 3 Woocommerce, Wordpress, Xforwoocommerce | 3 Woocommerce, Wordpress, Product Loops | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in XforWooCommerce Product Loops for WooCommerce product-loops allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Loops for WooCommerce: from n/a through <= 2.1.2. | ||||
| CVE-2025-68993 | 3 Woocommerce, Wordpress, Xforwoocommerce | 3 Woocommerce, Wordpress, Share, Print And Pdf Products | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2. | ||||
| CVE-2025-68897 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through <= 1.2. | ||||
| CVE-2025-68893 | 2 Hetworks, Wordpress | 2 Wordpress Image Shrinker, Wordpress | 2026-04-23 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through <= 1.1.0. | ||||
| CVE-2025-68885 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through <= 1.1.0. | ||||
| CVE-2025-68879 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through <= 1.5. | ||||
| CVE-2025-68878 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through <= 1.1.0. | ||||
| CVE-2025-68877 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce CedCommerce Integration for Good Market ced-good-market-integration allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Good Market: from n/a through <= 1.0.6. | ||||
| CVE-2025-68876 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through <= 1.0.8. | ||||
| CVE-2025-68870 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP cookiehint-wp allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through <= 1.0.0. | ||||
| CVE-2025-68868 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codeaffairs Wp Text Slider Widget wp-text-slider-widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through <= 1.0. | ||||
| CVE-2025-68865 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.11. | ||||
| CVE-2025-68861 | 2 Plugin Optimizer, Wordpress | 2 Plugin Optimizer, Wordpress | 2026-04-23 | 7.1 High |
| Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7. | ||||
| CVE-2025-68860 | 2 Mobile Builder, Wordpress | 2 Mobile Builder, Wordpress | 2026-04-23 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through <= 1.4.2. | ||||
| CVE-2025-68853 | 2 Kleor, Wordpress | 2 Contact Manager, Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1. | ||||
| CVE-2025-68852 | 2 Webmuehle, Wordpress | 2 Court Reservation, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13. | ||||
| CVE-2025-68837 | 2 Elextensions, Wordpress | 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5. | ||||
| CVE-2025-68836 | 2 Markbeljaars, Wordpress | 2 Table Of Contents Creator, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator table-of-contents-creator allows Reflected XSS.This issue affects Table of Contents Creator: from n/a through <= 1.6.4.1. | ||||