Export limit exceeded: 15487 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46461 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB rrssb allows DOM-Based XSS.This issue affects RRSSB: from n/a through <= 1.0.1. | ||||
| CVE-2025-46458 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows SQL Injection.This issue affects occupancyplan: from n/a through <= 1.0.3.0. | ||||
| CVE-2025-46457 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ahsanullah Akanda Wp Custom CMS Block wp-custom-cms-block allows Stored XSS.This issue affects Wp Custom CMS Block: from n/a through <= 2.1. | ||||
| CVE-2025-46455 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection.This issue affects WP HRM LITE: from n/a through <= 1.1. | ||||
| CVE-2025-46452 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News google-news allows Stored XSS.This issue affects Google News: from n/a through <= 2.5.1. | ||||
| CVE-2025-46449 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips wowhead-tooltips allows Stored XSS.This issue affects WoWHead Tooltips: from n/a through <= 2.0.1. | ||||
| CVE-2025-46447 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra fable-extra allows DOM-Based XSS.This issue affects Fable Extra: from n/a through <= 1.0.6. | ||||
| CVE-2025-46445 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown external-markdown allows Stored XSS.This issue affects External Markdown: from n/a through <= 0.0.1. | ||||
| CVE-2025-46442 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator repayment-calculator allows Stored XSS.This issue affects Loan Calculator: from n/a through <= 1.3. | ||||
| CVE-2025-46441 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal.This issue affects Section Widget: from n/a through <= 3.3.1. | ||||
| CVE-2025-46439 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.4 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central plugin-central allows Path Traversal.This issue affects Plugin Central: from n/a through <= 2.5.1. | ||||
| CVE-2025-46438 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners guitar-tuner allows Stored XSS.This issue affects GTDB Guitar Tuners: from n/a through <= 4.2.2. | ||||
| CVE-2025-46437 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form tayori allows Reflected XSS.This issue affects Tayori Form: from n/a through <= 1.2.9. | ||||
| CVE-2025-46436 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library scss-library allows Cross Site Request Forgery.This issue affects SCSS-Library: from n/a through <= 0.4.1. | ||||
| CVE-2025-46435 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting time-based-greeting allows Stored XSS.This issue affects Time Based Greeting: from n/a through <= 2.2.2. | ||||
| CVE-2025-46434 | 3 Elementor, Posimyth, Wordpress | 3 Elementor, The Plus Addons For Elementor, Wordpress | 2026-04-23 | N/A |
| Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7. | ||||
| CVE-2025-46263 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts author-box-after-posts allows Stored XSS.This issue affects Author Box After Posts: from n/a through <= 1.6. | ||||
| CVE-2025-46260 | 2 Wordpress, Wowdevs | 2 Wordpress, Sky Addons For Elementor | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through <= 3.0.1. | ||||
| CVE-2025-46256 | 2 Sigmaplugin, Wordpress | 2 Advanced Database Cleaner, Wordpress | 2026-04-23 | 6.4 Medium |
| Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO advanced-database-cleaner-pro allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through <= 3.2.10. | ||||
| CVE-2025-46255 | 2 Marketing Fire, Wordpress | 2 Loginwp, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro loginwp-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through <= 4.0.8.5. | ||||