Export limit exceeded: 342098 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74706 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47546 | 1 Wpcompress | 1 Wp Compress | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30. | ||||
| CVE-2025-47545 | 1 Ays-pro | 1 Poll Maker | 2026-04-01 | 8.1 High |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through <= 5.7.7. | ||||
| CVE-2025-47544 | 1 Acowebs | 1 Dynamic Pricing With Discount Rules For Woocommerce | 2026-04-01 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind SQL Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through <= 4.5.8. | ||||
| CVE-2025-47540 | 1 Wedevs | 1 Wemail | 2026-04-01 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13. | ||||
| CVE-2025-47538 | 1 Wpdever | 1 Cart Tracking For Woocommerce | 2026-04-01 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce cart-tracking-for-woocommerce allows SQL Injection.This issue affects Cart tracking for WooCommerce: from n/a through <= 1.0.17. | ||||
| CVE-2025-47531 | 1 Xylusthemes | 1 Xt Event Widget For Social Events | 2026-04-01 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events allows PHP Local File Inclusion.This issue affects XT Event Widget for Social Events: from n/a through <= 1.1.7. | ||||
| CVE-2025-46252 | 1 Kofimokome | 1 Message Filter For Contact Form 7 | 2026-04-01 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows SQL Injection.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.2. | ||||
| CVE-2025-46251 | 1 E4jconnect | 1 Vikrestaurants Table Reservations And Take-away | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Cross Site Request Forgery.This issue affects VikRestaurants: from n/a through <= 1.3.3. | ||||
| CVE-2025-46249 | 1 Migaweb | 1 Simple Calendar For Elementor | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through <= 1.6.4. | ||||
| CVE-2025-46246 | 1 Cminds | 1 Cm Answers | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Cross Site Request Forgery.This issue affects CM Answers: from n/a through <= 3.3.3. | ||||
| CVE-2025-46245 | 1 Cminds | 1 Cm Ad Changer | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer cm-ad-changer allows Cross Site Request Forgery.This issue affects CM Ad Changer: from n/a through <= 2.0.5. | ||||
| CVE-2025-46243 | 1 Sktthemes | 1 Recover Abandoned Cart For Woocommerce | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows Cross Site Request Forgery.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.2. | ||||
| CVE-2025-46241 | 1 Codepeople | 1 Appointment Booking Calendar | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. | ||||
| CVE-2025-46232 | 1 Alttext | 1 Alt Text Ai | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93. | ||||
| CVE-2025-46231 | 1 Servit | 1 Affiliate-toolkit | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit affiliate-toolkit-starter allows Cross Site Request Forgery.This issue affects affiliate-toolkit: from n/a through <= 3.7.3. | ||||
| CVE-2025-39565 | 1 Melapress | 1 Melapress Login Security | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0. | ||||
| CVE-2025-39507 | 1 Nasatheme | 1 Nasa Core | 2026-04-01 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through < 6.4.4. | ||||
| CVE-2025-39493 | 1 Valvepress | 1 Rankie | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2. | ||||
| CVE-2025-39482 | 1 Imithemes | 1 Eventer | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4. | ||||
| CVE-2025-39472 | 2 Wpweb, Wpwebelite | 2 Woocommerce Social Login, Woocommerce Social Login | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through < 2.8.3. | ||||