Export limit exceeded: 11174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54746 | 2 Cartpauj, Wordpress | 2 Shortcode-redirect, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through 1.0.02. | ||||
| CVE-2025-54739 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2025-08-15 | 5.3 Medium |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.5.4. | ||||
| CVE-2025-54732 | 2 Shahjada, Wordpress | 2 Wpdm Premium Packages, Wordpress | 2025-08-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through 6.0.2. | ||||
| CVE-2025-54708 | 2 Bplugins, Wordpress | 2 B Blocks, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through 2.0.5. | ||||
| CVE-2025-54054 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12 Step Meeting List: from n/a through 3.18.3. | ||||
| CVE-2025-53581 | 2 Artiosmedia, Wordpress | 2 Rss Feed Pro, Wordpress | 2025-08-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through 1.1.8. | ||||
| CVE-2025-55712 | 2 Posimyth, Wordpress | 2 The Plus Addons For Elementor Page Builder Lite, Wordpress | 2025-08-15 | 6.5 Medium |
| Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.3.13. | ||||
| CVE-2025-55714 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.9. | ||||
| CVE-2025-53330 | 2 Wordpress, Wpestate | 2 Wordpress, Wp Rentals | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/a through 3.13.1. | ||||
| CVE-2025-52797 | 2 Josepsitjar, Wordpress | 2 Storymap, Wordpress | 2025-08-15 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1. | ||||
| CVE-2025-52771 | 2 Bcupham, Wordpress | 2 Video Expander, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander allows Stored XSS. This issue affects Video Expander: from n/a through 1.0. | ||||
| CVE-2025-52765 | 2 Lisensee, Wordpress | 2 Netinsight Analytics Implementation Plugin, Wordpress | 2025-08-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3. | ||||
| CVE-2025-8676 | 2 Bplugins, Wordpress | 2 B Slider, Wordpress | 2025-08-15 | 4.3 Medium |
| The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information. | ||||
| CVE-2025-54747 | 2 Wordpress, Wpbakery | 2 Wordpress, Templatera | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera allows DOM-Based XSS. This issue affects Templatera: from n/a through 2.3.0. | ||||
| CVE-2025-49321 | 2 Themewinter, Wordpress | 2 Eventin, Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28. | ||||
| CVE-2025-49064 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from n/a through 1.6.10. | ||||
| CVE-2025-49063 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through 1.4.6. | ||||
| CVE-2025-49062 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through 2.0.3. | ||||
| CVE-2025-25174 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 10 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4. | ||||
| CVE-2025-49061 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through 0.9.1. | ||||