Export limit exceeded: 346619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54003 | 2 Mikado-themes, Wordpress | 2 Depot, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16. | ||||
| CVE-2025-5805 | 2 Ninetheme, Wordpress | 2 Electron, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2. | ||||
| CVE-2025-62106 | 2 Mario Peshev, Wordpress | 2 Wp-crm-system, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5. | ||||
| CVE-2025-62741 | 2 Smartdatasoft, Wordpress | 2 Pool Services, Wordpress | 2026-04-24 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3. | ||||
| CVE-2025-62754 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0. | ||||
| CVE-2025-63018 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229. | ||||
| CVE-2025-63019 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content Security Policy: from n/a through <= 2.34. | ||||
| CVE-2025-63026 | 3 Elementor, Themegoods, Wordpress | 3 Elementor, Grand Restaurant, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor allows Stored XSS.This issue affects Grand Restaurant Theme Elements for Elementor: from n/a through <= 2.1.1. | ||||
| CVE-2025-66135 | 2 Merkulove, Wordpress | 2 Imager For Elementor, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4. | ||||
| CVE-2025-66136 | 2 Merkulove, Wordpress | 2 Carter For Elementor, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2. | ||||
| CVE-2025-66137 | 2 Merkulove, Wordpress | 2 Searcher For Elementor, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3. | ||||
| CVE-2025-66138 | 2 Merkulove, Wordpress | 2 Motionger For Elementor, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4. | ||||
| CVE-2025-66139 | 2 Merkulove, Wordpress | 2 Audier For Elementor, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9. | ||||
| CVE-2025-66141 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. | ||||
| CVE-2025-66142 | 2 Merkulove, Wordpress | 2 Comparimager For Elementor, Wordpress | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1. | ||||
| CVE-2025-67939 | 2 Tickera, Wordpress | 2 Tickera, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2. | ||||
| CVE-2025-67942 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6. | ||||
| CVE-2025-67955 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue affects MyHome Core: from n/a through <= 4.1.0. | ||||
| CVE-2025-67958 | 3 Taxcloud, Woocommerce, Wordpress | 3 Taxcloud For Woocommerce, Woocommerce, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8. | ||||
| CVE-2025-68003 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10. | ||||