Export limit exceeded: 11174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58610 | 2 Wordpress, Wpchill | 2 Wordpress, Gallery Photoblocks | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks allows Stored XSS. This issue affects Gallery PhotoBlocks: from n/a through 1.3.1. | ||||
| CVE-2025-58603 | 2 Surfer, Wordpress | 2 Surfer Plugin, Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574. | ||||
| CVE-2025-58598 | 3 Klarna, Woocommerce, Wordpress | 3 Klarna For Woocommerce, Woocommerce, Wordpress | 2025-09-04 | 6.6 Medium |
| Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through 1.9.8. | ||||
| CVE-2025-58594 | 2 Brizy, Wordpress | 2 Brizy, Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12. | ||||
| CVE-2025-58615 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0. | ||||
| CVE-2025-58607 | 2 Gdprinfo, Wordpress | 2 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance allows Stored XSS. This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance: from n/a through 1.7.11. | ||||
| CVE-2025-58597 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6. | ||||
| CVE-2025-58620 | 2 Wordpress, Wpforms | 2 Wordpress, Wpforms | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms allows Stored XSS. This issue affects PDF for WPForms: from n/a through 6.2.1. | ||||
| CVE-2025-58612 | 2 Propertyhive, Wordpress | 2 Propertyhive, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5. | ||||
| CVE-2025-9616 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-58606 | 2 Cozythemes, Wordpress | 2 Saaslauncher, Wordpress | 2025-09-04 | 5 Medium |
| Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0. | ||||
| CVE-2025-58605 | 2 Wordpress, Wpdelicious | 2 Wordpress, Wp Delicious | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows Stored XSS. This issue affects WP Delicious: from n/a through 1.8.7. | ||||
| CVE-2025-52709 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2025-09-04 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-31100 | 2 Mojoomla, Wordpress | 2 School Management, Wordpress | 2025-09-02 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025). | ||||
| CVE-2025-5083 | 2 Amministrazione Trasparente Project, Wordpress | 2 Amministrazione Trasparente, Wordpress | 2025-09-02 | 5.5 Medium |
| The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-32589 | 2 Ukrsolution, Wordpress | 2 Barcode Scanner And Inventory Manager, Wordpress | 2025-09-02 | 7.1 High |
| Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | ||||
| CVE-2024-32832 | 2 Hamid-alinia-idehweb, Wordpress | 2 Login With Phone Number, Wordpress | 2025-09-02 | 9.8 Critical |
| Missing Authorization vulnerability in Hamid Alinia Login with phone number.This issue affects Login with phone number: from n/a through 1.6.93. | ||||
| CVE-2025-47696 | 2 Solwin, Wordpress | 2 Blog Designer Pro, Wordpress | 2025-09-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Solwin Blog Designer PRO.This issue affects Blog Designer PRO: from n/a through 3.4.7. | ||||
| CVE-2025-9618 | 2 Wordpress, Wpdreams | 2 Wordpress, Related Posts Lite | 2025-09-02 | 4.3 Medium |
| The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-4956 | 2 Aa-team, Wordpress | 2 Pro Bulk Watermark Plugin, Wordpress | 2025-09-02 | 4.3 Medium |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. | ||||