Export limit exceeded: 346195 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346195 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55711 | 2 Wordpress, Wptablebuilder | 2 Wordpress, Wp Table Builder | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Stored XSS.This issue affects WP Table Builder: from n/a through <= 2.0.12. | ||||
| CVE-2025-55708 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.2.4. | ||||
| CVE-2025-55716 | 2 Veronalabs, Wordpress | 2 Wp Statistics, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through <= 14.15. | ||||
| CVE-2025-55714 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.9. | ||||
| CVE-2025-55713 | 2 Creativethemes, Wordpress | 2 Blocksy, Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS.This issue affects Blocksy: from n/a through <= 2.1.6. | ||||
| CVE-2025-55712 | 2 Posimyth, Wordpress | 2 The Plus Addons For Elementor Page Builder Lite, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 6.3.13. | ||||
| CVE-2025-54749 | 2 Crocoblock, Wordpress | 2 Jetproductgallery, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS.This issue affects JetProductGallery: from n/a through <= 2.2.0.2. | ||||
| CVE-2025-54750 | 2 Funnelkit, Wordpress | 2 Funnel Builder, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.11.1. | ||||
| CVE-2025-54742 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.4.8. | ||||
| CVE-2025-54747 | 2 Wordpress, Wpbakery | 2 Wordpress, Templatera | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera templatera allows DOM-Based XSS.This issue affects Templatera: from n/a through <= 2.3.0. | ||||
| CVE-2025-54746 | 2 Cartpauj, Wordpress | 2 Shortcode-redirect, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS.This issue affects Shortcode Redirect: from n/a through <= 1.0.02. | ||||
| CVE-2025-54744 | 2026-04-23 | 6.5 Medium | ||
| Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.15. | ||||
| CVE-2025-54717 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.3. | ||||
| CVE-2025-54741 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0. | ||||
| CVE-2025-54726 | 2026-04-23 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through < 6.1.6. | ||||
| CVE-2025-54740 | 2 Michael Nelson, Wordpress | 2 Print My Blog, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog allows Stored XSS.This issue affects Print My Blog: from n/a through <= 3.27.9. | ||||
| CVE-2025-54716 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through <= 1.8.5. | ||||
| CVE-2025-54730 | 2 Pareto Digital, Wordpress | 2 Embedder For Google Reviews, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews embedder-for-google-reviews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embedder for Google Reviews: from n/a through <= 1.7.3. | ||||
| CVE-2025-54739 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through <= 4.5.4. | ||||
| CVE-2025-54722 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS.This issue affects WooTour: from n/a through <= 3.6.3. | ||||