Export limit exceeded: 78916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58849 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real Download Path hide-real-download-path allows Stored XSS.This issue affects Hide Real Download Path: from n/a through <= 1.6. | ||||
| CVE-2025-58848 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS.This issue affects WP likes: from n/a through <= 3.1.1. | ||||
| CVE-2025-58847 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro wn-flipbox-pro allows Reflected XSS.This issue affects WN Flipbox Pro: from n/a through <= 2.1. | ||||
| CVE-2025-58846 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule: from n/a through <= 2020.1.0. | ||||
| CVE-2025-58845 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS.This issue affects Bulk Watermark: from n/a through <= 1.6.10. | ||||
| CVE-2025-58844 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel database-to-excel allows Stored XSS.This issue affects Database to Excel: from n/a through <= 1.0. | ||||
| CVE-2025-58843 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video auto-last-youtube-video allows Stored XSS.This issue affects Auto Last Youtube Video: from n/a through <= 1.0.7. | ||||
| CVE-2025-58839 | 2026-04-23 | 7.2 High | ||
| Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through <= 1.2. | ||||
| CVE-2026-5928 | 2 Gnu, The Gnu C Library | 2 Glibc, Glibc | 2026-04-23 | 7.5 High |
| Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets. | ||||
| CVE-2025-58833 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1. | ||||
| CVE-2025-58815 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through <= 2.0.2. | ||||
| CVE-2025-58809 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS.This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9. | ||||
| CVE-2025-58807 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache purge-varnish allows Stored XSS.This issue affects Purge Varnish Cache: from n/a through <= 2.6. | ||||
| CVE-2025-58806 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tom Longridge WordPress Error Monitoring by Bugsnag bugsnag allows Stored XSS.This issue affects WordPress Error Monitoring by Bugsnag: from n/a through <= 1.6.3. | ||||
| CVE-2025-58789 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle WP Full Stripe Free wp-full-stripe-free allows SQL Injection.This issue affects WP Full Stripe Free: from n/a through <= 8.2.5. | ||||
| CVE-2025-58788 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Blind SQL Injection.This issue affects License Manager for WooCommerce: from n/a through <= 3.0.12. | ||||
| CVE-2025-58690 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS.This issue affects Doliconnect: from n/a through <= 9.5.7. | ||||
| CVE-2025-58688 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through <= 2.1.4. | ||||
| CVE-2025-58687 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through <= 1.6. | ||||
| CVE-2025-58686 | 2 Quadlayers, Wordpress | 2 Perfect Brands For Woocommerce, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection.This issue affects Perfect Brands for WooCommerce: from n/a through <= 3.6.2. | ||||