Export limit exceeded: 78923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53208 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through <= 1.2.0. | ||||
| CVE-2025-53207 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows PHP Local File Inclusion.This issue affects WP Travel Gutenberg Blocks: from n/a through <= 3.9.0. | ||||
| CVE-2025-53205 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast lbg-audio4-html5-shoutcast allows Reflected XSS.This issue affects Radio Player Shoutcast & Icecast: from n/a through <= 4.4.7. | ||||
| CVE-2025-53204 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through <= 1.9.2. | ||||
| CVE-2025-53201 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8. | ||||
| CVE-2025-53198 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4. | ||||
| CVE-2025-53194 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-23 | 8.5 High |
| Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0. | ||||
| CVE-2025-52828 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8. | ||||
| CVE-2025-52827 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3. | ||||
| CVE-2025-52826 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in uxper Sala sala allows Object Injection.This issue affects Sala: from n/a through <= 1.1.3. | ||||
| CVE-2025-52825 | 2026-04-23 | 8.8 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege Escalation.This issue affects Real Estate Manager: from n/a through <= 7.3. | ||||
| CVE-2025-52824 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3. | ||||
| CVE-2025-52823 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through <= 1.16.8. | ||||
| CVE-2025-52822 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap wp-roadmap allows SQL Injection.This issue affects WP Roadmap: from n/a through <= 2.1.3. | ||||
| CVE-2025-52821 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through <= 1.7. | ||||
| CVE-2025-52820 | 3 Infosoftplugin, Woocommerce, Wordpress | 3 Woocommerce Point Of Sale, Woocommerce, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4. | ||||
| CVE-2025-52819 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection.This issue affects Pakke Envíos: from n/a through <= 1.0.2. | ||||
| CVE-2025-52818 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.2 High |
| Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1. | ||||
| CVE-2025-52817 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.2 High |
| Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2. | ||||
| CVE-2025-52816 | 2 Themehunk, Wordpress | 2 Zita, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: from n/a through <= 1.6.5. | ||||