Export limit exceeded: 346271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64238 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1. | ||||
| CVE-2025-64237 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5. | ||||
| CVE-2025-64236 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a through < 3.6. | ||||
| CVE-2025-64235 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn tuturn allows Path Traversal.This issue affects Tuturn: from n/a through < 3.6. | ||||
| CVE-2025-64234 | 2 Evergreencontentposter, Wordpress | 2 Evergreen Content Poster, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Evergreen Content Poster: from n/a through <= 1.4.5. | ||||
| CVE-2025-64231 | 2 Redefiningtheweb, Wordpress | 2 Wordpress Contact Form 7 Pdf Google Sheet Database, Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files.This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <= 3.0.0. | ||||
| CVE-2025-64230 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal.This issue affects Filr: from n/a through <= 1.2.10. | ||||
| CVE-2025-64226 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery.This issue affects Stockie Extra: from n/a through <= 1.2.11. | ||||
| CVE-2025-64225 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through <= 1.2.11. | ||||
| CVE-2025-6024 | 1 Wso2 | 4 Api Manager, Identity Server, Wso2 Api Manager and 1 more | 2026-04-23 | 6.1 Medium |
| The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies. | ||||
| CVE-2025-64222 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Woocommerce Recover Abandoned Cart, Woocommerce, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through <= 24.6.0. | ||||
| CVE-2025-64214 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. | ||||
| CVE-2025-64212 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16. | ||||
| CVE-2025-64211 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Elementor Widgets, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4. | ||||
| CVE-2025-64205 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.0. | ||||
| CVE-2025-64201 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.12. | ||||
| CVE-2025-64199 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through <= 5.3.2. | ||||
| CVE-2025-64190 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.6. | ||||
| CVE-2025-64189 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6. | ||||
| CVE-2025-63077 | 3 Elementor, Happymonster, Wordpress | 3 Elementor, Happy Addons For Elementor, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3. | ||||