Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53465 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection.This issue affects GSheets Connector: from n/a through <= 1.1.1. | ||||
| CVE-2025-53464 | 2 Ironikus, Wordpress | 2 Wp Mailto Links, Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Online Optimisation WP Mailto Links wp-mailto-links allows Stored XSS.This issue affects WP Mailto Links: from n/a through <= 3.1.4. | ||||
| CVE-2025-53463 | 3 Ht Plugins, Wordpress, Wpbakery | 4 Absolute Addons For Wpbakery Page Builder, Wordpress, Page Builder and 1 more | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through <= 1.0.9. | ||||
| CVE-2025-53462 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SAPO SAPO Feed sapo-feed allows Stored XSS.This issue affects SAPO Feed: from n/a through <= 2.4.2. | ||||
| CVE-2025-53461 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery.This issue affects Beaf: from n/a through <= 1.6.2. | ||||
| CVE-2025-53460 | 2 Affiliatewp, Wordpress | 2 Affiliatewp, Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi AffiliateWP – External Referral Links affiliatewp-external-referral-links allows Stored XSS.This issue affects AffiliateWP – External Referral Links: from n/a through <= 1.2.0. | ||||
| CVE-2025-53458 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davaxi Goracash goracash allows Stored XSS.This issue affects Goracash: from n/a through <= 1.1. | ||||
| CVE-2025-53457 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Server Side Request Forgery.This issue affects SEO Backlink Monitor: from n/a through <= 1.8.0. | ||||
| CVE-2025-53456 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor seo-backlink-monitor allows Cross Site Request Forgery.This issue affects SEO Backlink Monitor: from n/a through <= 1.8.0. | ||||
| CVE-2025-53455 | 3 Cashbill, Woocommerce, Wordpress | 3 Cashbill Woocommerce, Woocommerce, Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce cashbill-payment-method allows Stored XSS.This issue affects CashBill.pl – Płatności WooCommerce: from n/a through <= 3.2.1. | ||||
| CVE-2025-53454 | 2 Rustaurius, Wordpress | 2 Ultimate Wp Mail, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Stored XSS.This issue affects Ultimate WP Mail: from n/a through <= 1.3.8. | ||||
| CVE-2025-53453 | 2 Axiomthemes, Wordpress | 2 Hygia, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16. | ||||
| CVE-2025-53452 | 2 Barry, Wordpress | 2 Event Rocket, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Barry Event Rocket event-rocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Rocket: from n/a through <= 3.3. | ||||
| CVE-2025-53451 | 2 Mihdan, Wordpress | 2 No External Links Project, Wordpress | 2026-04-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through <= 5.1.6.2. | ||||
| CVE-2025-53450 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP easy-pricing-table-wp allows PHP Local File Inclusion.This issue affects Easy Pricing Table WP: from n/a through <= 1.1.3. | ||||
| CVE-2025-53444 | 2 Deluxethemes, Wordpress | 2 Userpro, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through < 5.1.11. | ||||
| CVE-2025-53426 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Likert Survey Master likert-survey-master allows Reflected XSS.This issue affects Likert Survey Master: from n/a through <= 0.8.0.1. | ||||
| CVE-2025-53425 | 2 Dokan, Wordpress | 2 Dokan, Wordpress | 2026-04-23 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.3. | ||||
| CVE-2025-53424 | 3 Vanquish, Woocommerce, Wordpress | 3 Woocommerce Orders Customers Exporter, Woocommerce, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4. | ||||
| CVE-2025-53421 | 2 Pickplugins, Wordpress | 2 Accordion, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14. | ||||