Export limit exceeded: 346703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 78992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48145 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao wp-tao allows Reflected XSS.This issue affects Track, Analyze & Optimize by WP Tao: from n/a through <= 1.3. | ||||
| CVE-2025-48144 | 1 Sidngr | 1 Import Export For Woocommerce | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Stored XSS.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2. | ||||
| CVE-2025-48143 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! formularios-de-contacto-salesup allows Reflected XSS.This issue affects Formulario de contacto SalesUp!: from n/a through <= 1.0.14. | ||||
| CVE-2025-48142 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9. | ||||
| CVE-2025-48137 | 1 Proxymis | 1 Interview | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview interview allows SQL Injection.This issue affects Interview: from n/a through <= 1.01. | ||||
| CVE-2025-48136 | 1 Estatik | 1 Mortgage Calculator | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows PHP Local File Inclusion.This issue affects Mortgage Calculator Estatik: from n/a through <= 2.0.12. | ||||
| CVE-2025-48134 | 1 Shapedplugin | 1 Wp Tabs | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12. | ||||
| CVE-2025-48130 | 2026-04-23 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affects Spice Blocks: from n/a through <= 2.0.7.4. | ||||
| CVE-2025-48126 | 1 G5plus | 1 Essential Real Estate | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.3.2. | ||||
| CVE-2025-48125 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through <= 3.1.51. | ||||
| CVE-2025-48124 | 2026-04-23 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Path Traversal.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. | ||||
| CVE-2025-48118 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment wc-partial-shipment allows SQL Injection.This issue affects Woocommerce Partial Shipment: from n/a through <= 3.2. | ||||
| CVE-2025-48114 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: from n/a through <= 1.9.1. | ||||
| CVE-2025-48112 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages dot-htmlphpxml-etc-pages allows Reflected XSS.This issue affects Dot html,php,xml etc pages: from n/a through <= 1.0. | ||||
| CVE-2025-48109 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through <= 0.9.1. | ||||
| CVE-2025-48107 | 2 Undsgn, Wordpress | 2 Uncode, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through < 2.9.4.4. | ||||
| CVE-2025-48104 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS.This issue affects Floating Window Music Player: from n/a through <= 3.4.2. | ||||
| CVE-2025-48101 | 2 Webdevstudios, Wordpress | 2 Constant Contact For Wordpress, Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress constant-contact-api allows Object Injection.This issue affects Constant Contact for WordPress: from n/a through <= 4.1.1. | ||||
| CVE-2025-48091 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through <= 0.3.6. | ||||
| CVE-2025-48090 | 2 Cocobasic, Wordpress | 2 Blanka, Wordpress | 2026-04-23 | 8.1 High |
| Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5. | ||||