Export limit exceeded: 78993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78993 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47655 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7. | ||||
| CVE-2025-47654 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.20. | ||||
| CVE-2025-47653 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall wp-recall allows PHP Local File Inclusion.This issue affects WP-Recall: from n/a through <= 16.26.14. | ||||
| CVE-2025-47652 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.13.4. | ||||
| CVE-2025-47651 | 1 Infility | 1 Infility Global | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.11. | ||||
| CVE-2025-47649 | 2026-04-23 | 8.8 High | ||
| Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 5.0.0. | ||||
| CVE-2025-47648 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a through <= 2.6. | ||||
| CVE-2025-47645 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through <= 1.4.9. | ||||
| CVE-2025-47643 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce elex-product-feed allows SQL Injection.This issue affects ELEX Product Feed for WooCommerce: from n/a through <= 3.1.2. | ||||
| CVE-2025-47639 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading polylang-supertext allows Stored XSS.This issue affects Supertext Translation and Proofreading: from n/a through <= 4.26. | ||||
| CVE-2025-47636 | 2026-04-23 | 7.5 High | ||
| Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0. | ||||
| CVE-2025-47631 | 2026-04-23 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System hospital-management allows Privilege Escalation.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). | ||||
| CVE-2025-47629 | 1 Wp-crm | 1 Wp-crm System | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through <= 3.4.5. | ||||
| CVE-2025-47627 | 2026-04-23 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions private-content-mail-actions allows PHP Local File Inclusion.This issue affects PrivateContent - Mail Actions: from n/a through <= 2.3.2. | ||||
| CVE-2025-47620 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Martins Free Monetized Ad Exchange Network: from n/a through <= 1.0.11. | ||||
| CVE-2025-47613 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management school-management allows Reflected XSS.This issue affects School Management: from n/a through <= 92.0.0. | ||||
| CVE-2025-47611 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta user-meta allows Reflected XSS.This issue affects User Meta: from n/a through <= 3.1.2. | ||||
| CVE-2025-47603 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo belingogeo allows Path Traversal.This issue affects belingoGeo: from n/a through <= 1.12.0. | ||||
| CVE-2025-47601 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0. | ||||
| CVE-2025-47587 | 1 Yaycommerce | 1 Yaysmtp | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through <= 2.6.4. | ||||