Export limit exceeded: 79690 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79690 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47629 | 1 Wp-crm | 1 Wp-crm System | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through <= 3.4.5. | ||||
| CVE-2025-47611 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta user-meta allows Reflected XSS.This issue affects User Meta: from n/a through <= 3.1.2. | ||||
| CVE-2025-47603 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo belingogeo allows Path Traversal.This issue affects belingoGeo: from n/a through <= 1.12.0. | ||||
| CVE-2025-47601 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0. | ||||
| CVE-2025-47587 | 1 Yaycommerce | 1 Yaysmtp | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through <= 2.6.4. | ||||
| CVE-2025-47571 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusion.This issue affects Super Store Finder: from n/a through < 7.8. | ||||
| CVE-2025-47570 | 2 Villatheme, Wordpress | 2 Woocommerce Photo Reviews, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.3.13. | ||||
| CVE-2025-47567 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background: from n/a through <= 2.4.1. | ||||
| CVE-2025-47561 | 2026-04-23 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13. | ||||
| CVE-2025-47558 | 2026-04-23 | 7.5 High | ||
| Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13. | ||||
| CVE-2025-47554 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Reflected XSS.This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through <= 11.6. | ||||
| CVE-2025-47546 | 1 Wpcompress | 1 Wp Compress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30. | ||||
| CVE-2025-47544 | 1 Acowebs | 1 Dynamic Pricing With Discount Rules For Woocommerce | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind SQL Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through <= 4.5.8. | ||||
| CVE-2025-47538 | 1 Wpdever | 1 Cart Tracking For Woocommerce | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce cart-tracking-for-woocommerce allows SQL Injection.This issue affects Cart tracking for WooCommerce: from n/a through <= 1.0.17. | ||||
| CVE-2025-47537 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows SQL Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 5.3.8. | ||||
| CVE-2025-47536 | 2 Keywordrush, Wordpress | 2 Content Egg, Wordpress | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0. | ||||
| CVE-2025-47535 | 1 Wpopal | 1 Opal Woo Custom Product Variation | 2026-04-23 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through <= 1.2.0. | ||||
| CVE-2025-47533 | 2026-04-23 | 8.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion.This issue affects Graphina: from n/a through <= 3.0.4. | ||||
| CVE-2025-47531 | 1 Xylusthemes | 1 Xt Event Widget For Social Events | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events allows PHP Local File Inclusion.This issue affects XT Event Widget for Social Events: from n/a through <= 1.1.7. | ||||
| CVE-2025-47527 | 2026-04-23 | 7.1 High | ||
| Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through <= 1.3.18. | ||||