Export limit exceeded: 343527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58966 | 2 Basixonline, Wordpress | 2 Nex-forms, Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS.This issue affects NEX-Forms LITE: from n/a through < 8.2. | ||||
| CVE-2025-58918 | 2 Waituk, Wordpress | 2 Entrada, Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery.This issue affects Entrada: from n/a through 5.7.7. | ||||
| CVE-2025-53344 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3. | ||||
| CVE-2025-53242 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection.This issue affects Seil: from n/a through <= 1.7.1. | ||||
| CVE-2025-39853 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-20 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fix this by using list_first_entry_or_null instead of list_first_entry. | ||||
| CVE-2025-53238 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toast Plugins Toast Mobile Menu toast-responsive-menu allows Stored XSS.This issue affects Toast Mobile Menu: from n/a through <= 1.0.7. | ||||
| CVE-2025-52739 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-48087 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through 1.4.1. | ||||
| CVE-2025-47566 | 2 Digitalzoomstudio, Wordpress | 3 Dzs-zoomsounds, Zoomsounds, Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91. | ||||
| CVE-2025-46255 | 2 Marketing Fire, Wordpress | 2 Loginwp, Wordpress | 2026-01-20 | 7.5 High |
| Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | ||||
| CVE-2025-39561 | 2 Marketing Fire, Wordpress | 2 Loginwp, Wordpress | 2026-01-20 | 6.5 Medium |
| Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | ||||
| CVE-2025-39497 | 2 Dokan, Wordpress | 2 Dokan Pro Plugin, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5. | ||||
| CVE-2025-39484 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7. | ||||
| CVE-2025-31054 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | ||||
| CVE-2025-31048 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | ||||
| CVE-2025-31047 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0. | ||||
| CVE-2025-31046 | 2 Wordpress, Wpvibes | 2 Wordpress, Anywhere Elementor | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29. | ||||
| CVE-2025-31044 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 3.3.2. | ||||
| CVE-2025-30633 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3. | ||||
| CVE-2025-30628 | 2 Aa-team, Wordpress | 2 Amazon Affiliates Addon For Wpbakery Page Builder, Wordpress | 2026-01-20 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through 1.2. | ||||