Export limit exceeded: 11417 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11498 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47617 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Stored XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6. | ||||
| CVE-2025-47615 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flowdee Amazon Product in a Post amazon-product-in-a-post-plugin allows Stored XSS.This issue affects Amazon Product in a Post: from n/a through <= 5.2.2. | ||||
| CVE-2025-47610 | 3 Wetail, Woocommerce, Wordpress | 3 Woocommerce Fortnox Integration, Woocommerce, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Stored XSS.This issue affects WooCommerce Fortnox Integration: from n/a through <= 4.5.6. | ||||
| CVE-2025-47604 | 2 Data443, Wordpress | 2 Inline Related Posts, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Inline Related Posts intelly-related-posts allows Stored XSS.This issue affects Inline Related Posts: from n/a through <= 3.8.0. | ||||
| CVE-2025-47603 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo belingogeo allows Path Traversal.This issue affects belingoGeo: from n/a through <= 1.12.0. | ||||
| CVE-2025-47601 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0. | ||||
| CVE-2025-47599 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante facturante allows SQL Injection.This issue affects Facturante: from n/a through <= 1.11. | ||||
| CVE-2025-47598 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS.This issue affects History Log by click5: from n/a through <= 1.0.13. | ||||
| CVE-2025-47597 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podcasts Manager wp-podcasts-manager allows Cross Site Request Forgery.This issue affects WP Podcasts Manager: from n/a through <= 1.3. | ||||
| CVE-2025-47595 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darshan Saroya Color Your Bar color-your-bar allows Stored XSS.This issue affects Color Your Bar: from n/a through <= 2.0. | ||||
| CVE-2025-47591 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Featured Image: from n/a through <= 1.2.4. | ||||
| CVE-2025-47590 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in JExtensions Store WPSpeed wpspeed allows Cross Site Request Forgery.This issue affects WPSpeed: from n/a through <= 2.6.5. | ||||
| CVE-2025-47583 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.16. | ||||
| CVE-2025-47579 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-01 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2. | ||||
| CVE-2025-47571 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusion.This issue affects Super Store Finder: from n/a through < 7.8. | ||||
| CVE-2025-47570 | 2 Villatheme, Wordpress | 2 Woocommerce Photo Reviews, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.3.13. | ||||
| CVE-2025-47569 | 3 Woocommerce, Wordpress, Wpswings | 4 Gift Cards, Woocommerce, Wordpress and 1 more | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through <= 2.9.6. | ||||
| CVE-2025-47567 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background: from n/a through <= 2.4.1. | ||||
| CVE-2025-47565 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through <= 4.9.9. | ||||
| CVE-2025-47564 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 4.9.8. | ||||