Export limit exceeded: 78844 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58881 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New Simple Gallery: from n/a through <= 8.0. | ||||
| CVE-2025-58880 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reubenthiessen Translate This gTranslate Shortcode translate-this-google-translate-web-element-shortcode allows Stored XSS.This issue affects Translate This gTranslate Shortcode: from n/a through <= 1.0. | ||||
| CVE-2025-58879 | 2 Ancorathemes, Wordpress | 2 Festy, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Festy festy allows PHP Local File Inclusion.This issue affects Festy: from n/a through <= 1.13.0. | ||||
| CVE-2025-58878 | 2026-04-23 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through <= 1.0.0. | ||||
| CVE-2025-58877 | 2 Javothemes, Wordpress | 2 Javo Core, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529. | ||||
| CVE-2025-58876 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through <= 0.2.4. | ||||
| CVE-2025-58875 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS.This issue affects WP Github Gist: from n/a through <= 0.5. | ||||
| CVE-2025-58874 | 2 Josepsitjar, Wordpress | 2 Storymap, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in josepsitjar StoryMap wp-storymap allows DOM-Based XSS.This issue affects StoryMap: from n/a through <= 2.1. | ||||
| CVE-2025-58873 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through <= 0.5.0. | ||||
| CVE-2025-58872 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator simple-price-calculator-basic allows Retrieve Embedded Sensitive Data.This issue affects Simple Price Calculator: from n/a through <= 1.3. | ||||
| CVE-2025-58871 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luis Rock Master Paper Collapse Toggle master-paper-collapse-toggle allows Stored XSS.This issue affects Master Paper Collapse Toggle: from n/a through <= 1.1. | ||||
| CVE-2025-58870 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP-GraphViz wp-graphviz allows DOM-Based XSS.This issue affects WP-GraphViz: from n/a through <= 1.5.1. | ||||
| CVE-2025-58869 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through <= 1.3.2. | ||||
| CVE-2025-58868 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through <= 1.3.2. | ||||
| CVE-2025-58867 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Download Media Counter easy-download-media-counter allows Stored XSS.This issue affects Easy Download Media Counter: from n/a through <= 1.2. | ||||
| CVE-2025-58866 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 2.7 Low |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through <= 1.1. | ||||
| CVE-2025-58865 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery.This issue affects Compact Admin: from n/a through <= 1.3.3. | ||||
| CVE-2025-58864 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamroody 金数据 jinshuju allows Stored XSS.This issue affects 金数据: from n/a through <= 1.0. | ||||
| CVE-2025-58863 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through <= 1.5.2. | ||||
| CVE-2025-58862 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Stored XSS.This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through <= 1.5.5. | ||||