Export limit exceeded: 342291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46245 | 1 Cminds | 1 Cm Ad Changer | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer cm-ad-changer allows Cross Site Request Forgery.This issue affects CM Ad Changer: from n/a through <= 2.0.5. | ||||
| CVE-2025-46243 | 1 Sktthemes | 1 Recover Abandoned Cart For Woocommerce | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows Cross Site Request Forgery.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.2. | ||||
| CVE-2025-46241 | 1 Codepeople | 1 Appointment Booking Calendar | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. | ||||
| CVE-2025-46232 | 1 Alttext | 1 Alt Text Ai | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93. | ||||
| CVE-2025-46231 | 1 Servit | 1 Affiliate-toolkit | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit affiliate-toolkit-starter allows Cross Site Request Forgery.This issue affects affiliate-toolkit: from n/a through <= 3.7.3. | ||||
| CVE-2025-39565 | 1 Melapress | 1 Melapress Login Security | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0. | ||||
| CVE-2025-39507 | 1 Nasatheme | 1 Nasa Core | 2026-04-01 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through < 6.4.4. | ||||
| CVE-2025-39493 | 1 Valvepress | 1 Rankie | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2. | ||||
| CVE-2025-39482 | 1 Imithemes | 1 Eventer | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4. | ||||
| CVE-2025-39472 | 2 Wpweb, Wpwebelite | 2 Woocommerce Social Login, Woocommerce Social Login | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through < 2.8.3. | ||||
| CVE-2025-39413 | 1 Wpgoplugins | 1 Simple Sitemap | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0. | ||||
| CVE-2025-32280 | 1 Wedevs | 1 Wp Project Manager | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25. | ||||
| CVE-2025-32220 | 1 Salonbookingsystem | 1 Salon Booking System | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salon booking system: from n/a through <= 10.30.23. | ||||
| CVE-2025-32158 | 1 Athemes | 1 Athemes Addons For Elementor | 2026-04-01 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite.This issue affects aThemes Addons for Elementor: from n/a through <= 1.1.3. | ||||
| CVE-2025-32154 | 1 Catchthemes | 1 Catch Dark Mode | 2026-04-01 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through <= 2.0.1. | ||||
| CVE-2025-32151 | 2 Themekraft, Wordpress | 2 Buddyforms, Wordpress | 2026-04-01 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through <= 2.9.0. | ||||
| CVE-2025-32149 | 2 Mtrv, Wordpress | 2 Teachpress, Wordpress | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11. | ||||
| CVE-2025-31828 | 1 Easyappointments | 1 Easy\!appointments | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments easyappointments allows Cross Site Request Forgery.This issue affects Easy!Appointments: from n/a through <= 1.4.2. | ||||
| CVE-2025-31560 | 1 Salonbookingsystem | 1 Salon Booking System | 2026-04-01 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation.This issue affects Salon booking system: from n/a through < 10.15. | ||||
| CVE-2025-30974 | 2 Addonmaster, Wordpress | 2 Post Grid Master, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Master: from n/a through <= 3.4.17. | ||||