Export limit exceeded: 346596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 78916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54731 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection.This issue affects YouTube Showcase: from n/a through <= 3.5.1. | ||||
| CVE-2025-54724 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through <= 1.7.1. | ||||
| CVE-2025-54722 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS.This issue affects WooTour: from n/a through <= 3.6.3. | ||||
| CVE-2025-54716 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through <= 1.8.5. | ||||
| CVE-2025-54714 | 2 Dylanjames, Wordpress | 2 Zephyr Project Manager, Wordpress | 2026-04-23 | 7.1 High |
| Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.201. | ||||
| CVE-2025-54711 | 2 Bplugins, Wordpress | 2 Info Cards, Wordpress | 2026-04-23 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Info Cards: from n/a through <= 1.0.11. | ||||
| CVE-2025-54710 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2026-04-23 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through <= 1.0.21. | ||||
| CVE-2025-54709 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala sala.This issue affects Sala: from n/a through <= 1.1.6. | ||||
| CVE-2025-54701 | 2 Thememove, Wordpress | 2 Unicamp, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3. | ||||
| CVE-2025-54700 | 2 Thememove, Wordpress | 2 Makeaholic, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4. | ||||
| CVE-2025-54697 | 2 Kadencewp, Wordpress | 2 Kadence Woocommerce Email Designer, Wordpress | 2026-04-23 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. | ||||
| CVE-2025-54692 | 2 Wordpress, Wpswings | 2 Wordpress, Membership For Woocommerce | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0. | ||||
| CVE-2025-54690 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio xinterio allows PHP Local File Inclusion.This issue affects Xinterio: from n/a through <= 4.2. | ||||
| CVE-2025-54689 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.7. | ||||
| CVE-2025-54679 | 2 Vertim, Wordpress | 2 Neon Channel Product Customizer Free, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through <= 2.0. | ||||
| CVE-2025-54670 | 2 Bobbingwide, Wordpress | 2 Oik, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= 4.15.2. | ||||
| CVE-2025-54056 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.8. | ||||
| CVE-2025-54055 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through <= 1.5.2. | ||||
| CVE-2025-54052 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows PHP Local File Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.0.0. | ||||
| CVE-2025-54044 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Reflected XSS.This issue affects Elite Video Player: from n/a through <= 10.0.5. | ||||