Export limit exceeded: 11174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54720 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3. | ||||
| CVE-2025-49404 | 2 Purethemes, Wordpress | 2 Listeo, Wordpress | 2025-08-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo-Core allows SQL Injection. This issue affects Listeo-Core: from n/a through 1.9.32. | ||||
| CVE-2025-54714 | 2 Dylanjames, Wordpress | 2 Zephyr Project Manager, Wordpress | 2025-08-29 | 7.1 High |
| Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201. | ||||
| CVE-2025-53579 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captcha.eu Captcha.eu allows Reflected XSS. This issue affects Captcha.eu: from n/a through n/a. | ||||
| CVE-2025-53578 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kipso allows PHP Local File Inclusion. This issue affects Kipso: from n/a through 1.3.4. | ||||
| CVE-2025-53289 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Widget Areas allows Reflected XSS. This issue affects Theme Blvd Widget Areas: from n/a through 1.3.0. | ||||
| CVE-2025-53248 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine allows PHP Local File Inclusion. This issue affects Magazine: from n/a through 1.2.2. | ||||
| CVE-2025-54725 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2025-08-29 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0. | ||||
| CVE-2025-54731 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1. | ||||
| CVE-2025-9352 | 2 Pronamic, Wordpress | 2 Google Maps, Wordpress | 2025-08-29 | 5.4 Medium |
| The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-58212 | 2 Epeken, Wordpress | 2 All Kurir, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1. | ||||
| CVE-2025-58203 | 2 Solacewp, Wordpress | 2 Solace Extra, Wordpress | 2025-08-29 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2. | ||||
| CVE-2025-58202 | 2 Pluginsandsnippets, Wordpress | 2 Simple Page Access Restriction, Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32. | ||||
| CVE-2025-48352 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger allows Stored XSS. This issue affects Yandex Site search pinger: from n/a through 1.5. | ||||
| CVE-2025-48311 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0. | ||||
| CVE-2025-48312 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 文派翻译(WP Chinese Translation) WPAvatar allows Stored XSS. This issue affects WPAvatar: from n/a through 1.9.3. | ||||
| CVE-2025-58196 | 2 Uicore, Wordpress | 2 Elements, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements allows Stored XSS. This issue affects UiCore Elements: from n/a through 1.3.4. | ||||
| CVE-2025-48351 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4. | ||||
| CVE-2025-48314 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salubrio Add Code To Head allows Stored XSS. This issue affects Add Code To Head: from n/a through 1.17. | ||||
| CVE-2025-58194 | 2 Bold-themes, Wordpress | 2 Bold Page Builder, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3. | ||||