Export limit exceeded: 11981 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11981 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27003 | 2 Fullworksplugins, Wordpress | 2 Quick Paypal Payments, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46. | ||||
| CVE-2025-27000 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0. | ||||
| CVE-2025-26995 | 2 Anton Vanyukov, Wordpress | 2 Market Exporter, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in Anton Vanyukov Market Exporter market-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Market Exporter: from n/a through <= 2.0.21. | ||||
| CVE-2025-26992 | 2 Fatcatapps, Wordpress | 2 Landing Page Cat, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8. | ||||
| CVE-2025-26991 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza wppizza allows Reflected XSS.This issue affects WPPizza: from n/a through <= 3.19.4. | ||||
| CVE-2025-26980 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Stored XSS.This issue affects Wired Impact Volunteer Management: from n/a through <= 2.5. | ||||
| CVE-2025-26976 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.4. | ||||
| CVE-2025-26972 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | ||||
| CVE-2025-26969 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.3 High |
| Missing Authorization vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | ||||
| CVE-2025-26966 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | ||||
| CVE-2025-26964 | 2 Themewinter, Wordpress | 2 Eventin, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.0.20. | ||||
| CVE-2025-26961 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.6 High |
| Missing Authorization vulnerability in FRESHFACE Fresh Framework fresh-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Fresh Framework: from n/a through <= 1.70.0. | ||||
| CVE-2025-26957 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Deetronix Affiliate Coupons affiliate-coupons allows PHP Local File Inclusion.This issue affects Affiliate Coupons: from n/a through <= 1.7.3. | ||||
| CVE-2025-26956 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.6 High |
| Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. | ||||
| CVE-2025-26951 | 2 Covertnine, Wordpress | 2 C9 Blocks, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks c9-blocks allows DOM-Based XSS.This issue affects C9 Blocks: from n/a through <= 1.7.7. | ||||
| CVE-2025-26943 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL Injection.This issue affects Easy Quotes: from n/a through <= 1.2.2. | ||||
| CVE-2025-26941 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through <= 5.0.18. | ||||
| CVE-2025-26936 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection.This issue affects Fresh Framework: from n/a through <= 1.70.0. | ||||
| CVE-2025-26933 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue affects WC Place Order Without Payment: from n/a through <= 2.6.7. | ||||
| CVE-2025-26932 | 2 Quantumcloud, Wordpress | 3 Chatbot, Wpbot, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through <= 6.3.5. | ||||