Export limit exceeded: 79009 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79009 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32692 | 2026-04-23 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows PHP Local File Inclusion.This issue affects WP Subscription Forms: from n/a through <= 1.2.4. | ||||
| CVE-2025-32687 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection.This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0. | ||||
| CVE-2025-32686 | 2026-04-23 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through <= 3.4.4. | ||||
| CVE-2025-32685 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through <= 0.2.1. | ||||
| CVE-2025-32681 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection.This issue affects Error Log Viewer: from n/a through <= 1.0.5. | ||||
| CVE-2025-32677 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection.This issue affects WP Social Stream Designer: from n/a through <= 1.3. | ||||
| CVE-2025-32676 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Blind SQL Injection.This issue affects Verowa Connect: from n/a through <= 3.0.5. | ||||
| CVE-2025-32674 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit allows Reflected XSS.This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through <= 4.7. | ||||
| CVE-2025-32673 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through <= 2.0.6. | ||||
| CVE-2025-32672 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through <= 1.4.9. | ||||
| CVE-2025-32671 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer print-science-designer allows Path Traversal.This issue affects Print Science Designer: from n/a through <= 1.3.155. | ||||
| CVE-2025-32670 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions spark-gf-failed-submissions allows Reflected XSS.This issue affects Spark GF Failed Submissions: from n/a through <= 1.3.5. | ||||
| CVE-2025-32669 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS.This issue affects Mergado Pack: from n/a through <= 4.2.1. | ||||
| CVE-2025-32668 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3. | ||||
| CVE-2025-32667 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1. | ||||
| CVE-2025-32666 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Reflected XSS.This issue affects Hive Support: from n/a through <= 1.2.5. | ||||
| CVE-2025-32664 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities nepali-date-utilities allows Stored XSS.This issue affects Nepali Date Utilities: from n/a through <= 1.0.15. | ||||
| CVE-2025-32663 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon fat-coming-soon allows PHP Local File Inclusion.This issue affects FAT Cooming Soon: from n/a through <= 1.1. | ||||
| CVE-2025-32662 | 2026-04-23 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0. | ||||
| CVE-2025-32661 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS.This issue affects Interactive US Map: from n/a through <= 2.7. | ||||