Export limit exceeded: 23766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 14403 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12844 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 7.1 High |
| The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'rest_simpleTranscribeAudio' and 'rest_simpleVisionQuery' functions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2025-11260 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 5.3 Medium |
| The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.15. This is due to the plugin only checking for the existence of the Authorization header in a request when determining if the nonce protection should be bypassed. This makes it possible for unauthenticated attackers to access content they should not have access to. | ||||
| CVE-2025-11769 | 2 Aumsrini, Wordpress | 2 Wordpress Content Flipper, Wordpress | 2026-04-21 | 6.4 Medium |
| The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipper_front' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8994 | 2 Wedevs, Wordpress | 2 Wp Project Manager, Wordpress | 2026-04-21 | 6.5 Medium |
| The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-12494 | 2 Wordpress, Wpchill | 2 Wordpress, Image Photo Gallery Final Tiles Grid | 2026-04-21 | 4.3 Medium |
| The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level access and above, to move arbitrary image files on the server. | ||||
| CVE-2025-12775 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 8.8 High |
| The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due to the chunked upload functionality writing files directly to the uploads directory before any file type validation occurs. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-12372 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 4.3 Medium |
| The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized administrative actions such as enabling or disabling automatic pinging settings and modifying page exclusion settings. | ||||
| CVE-2025-13088 | 3 Ikhodal, Woocommerce, Wordpress | 3 Category And Product Woocommerce Tabs, Woocommerce, Wordpress | 2026-04-21 | 8.8 High |
| The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab() function. This makes it possible for authenticated attackers, with contributor level access and above, to include and execute arbitrary .php files on the server. | ||||
| CVE-2025-12406 | 2 Awensley, Wordpress | 2 Project Honey Pot Spam Trap, Wordpress | 2026-04-21 | 6.1 Medium |
| The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12078 | 2 Artibot, Wordpress | 2 Artibot, Wordpress | 2026-04-21 | 6.1 Medium |
| The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-11868 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 6.4 Medium |
| The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `everviz` shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a `<div id=...>` from the `type` and `hash` attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12457 | 2 Ideastocode, Wordpress | 2 Enable Svg, Webp & Ico Upload, Wordpress | 2026-04-21 | 6.4 Medium |
| The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2025-12391 | 3 Buddypress, Seventhqueen, Wordpress | 3 Buddypress, Restrictions For Buddypress, Wordpress | 2026-04-21 | 5.3 Medium |
| The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracking. | ||||
| CVE-2025-8084 | 1 Wordpress | 1 Wordpress | 2026-04-21 | 6.8 Medium |
| The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieving. | ||||
| CVE-2025-12427 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Wishlist | 2026-04-21 | 5.3 Medium |
| The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to discover any user's wishlist token ID, and subsequently rename the victim's wishlist without authorization (integrity impact). This can be exploited to target multi-user stores for defacement, social engineering attacks, mass tampering, and profiling at scale. | ||||
| CVE-2026-25043 | 1 Budibase | 1 Budibase | 2026-04-21 | 5.3 Medium |
| Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can repeatedly trigger password reset requests for the same email address, resulting in hundreds of password reset emails being sent in a short time window. This enables large-scale email flooding, user harassment, denial of service (DoS) against user inboxes, and potential financial and reputational impact for Budibase. This issue has been patched in version 3.23.25. | ||||
| CVE-2025-12814 | 2 Softaculous, Wordpress | 2 Siteseo, Wordpress | 2026-04-21 | 5.3 Medium |
| The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to n incorrect capability check on the siteseo_reset_settings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted access to at least on SiteSEO setting capability, to reset the plugin's settings. | ||||
| CVE-2025-12535 | 2 Brainstormforce, Wordpress | 2 Sureforms, Wordpress | 2026-04-21 | 5.3 Medium |
| The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces (wp_rest) to unauthenticated users via the 'wp_ajax_nopriv_rest-nonce' action. While the plugin legitimately needs to support unauthenticated form submissions, it incorrectly uses generic REST nonces instead of form-specific nonces. This makes it possible for unauthenticated attackers to bypass CSRF protection on REST API endpoints that rely solely on nonce verification without additional authentication checks, allowing them to trigger unauthorized actions such as the plugin's own post-submission hooks and potentially other plugins' REST endpoints. | ||||
| CVE-2025-12778 | 3 Elementor, Userelements, Wordpress | 3 Elementor, Ultimate Member Widgets For Elementor, Wordpress | 2026-04-21 | 5.3 Medium |
| The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to extract partial metadata of all WordPress users, including their first name, last name and email addresses. | ||||
| CVE-2025-12169 | 3 Elextensions, Elula, Wordpress | 3 Elex Wordpress Plugin, Wsdesk, Wordpress | 2026-04-21 | 4.3 Medium |
| The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_eh_crm_settings_empty_scheduled_actions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the scheduled triggers option. | ||||