Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30853 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through 3.10.0. | ||||
| CVE-2025-30904 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7. | ||||
| CVE-2025-30905 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3. | ||||
| CVE-2025-30909 | 2 Conversios, Wordpress | 2 Conversios.io, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3. | ||||
| CVE-2025-30911 | 2 Rometheme, Wordpress | 2 Romethemekit For Elementor, Wordpress | 2025-07-12 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4. | ||||
| CVE-2025-30925 | 2 Webangon, Wordpress | 2 The Pack Elementor Addons, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1. | ||||
| CVE-2025-31002 | 2 Bogdan Bendziukov, Wordpress | 2 Squeeze, Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6. | ||||
| CVE-2025-31020 | 2 Webliberty, Wordpress | 2 Simple Spoiler, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through 1.4. | ||||
| CVE-2025-31075 | 2 Videowhisper, Wordpress | 2 Micropayments, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29. | ||||
| CVE-2025-31081 | 2 Shortpixel, Wordpress | 2 Enable Media Replace, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Reflected XSS. This issue affects Enable Media Replace: from n/a through 4.1.5. | ||||
| CVE-2025-31083 | 2 Wordpress, Zeen101 | 2 Wordpress, Leaky Paywall | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7. | ||||
| CVE-2025-31088 | 2 Cozmoslabs, Wordpress | 2 Paid Member Subscriptions, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3. | ||||
| CVE-2025-31387 | 2 Instawp, Wordpress | 2 Instawp Connect, Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82. | ||||
| CVE-2025-31417 | 2 Fahad Mahmood, Wordpress | 2 Wp Docs, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a. | ||||
| CVE-2025-31481 | 1 Api-platform | 1 Core | 2025-07-12 | 7.5 High |
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17. | ||||
| CVE-2025-31489 | 1 Minio | 1 Minio | 2025-07-12 | 7.5 High |
| MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket. Prior knowledge of access-key, and bucket name this user might have access to - and an access-key with a WRITE permissions is necessary. However with relevant information in place, uploading random objects to buckets is trivial and easy via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z. | ||||
| CVE-2025-31552 | 2 Davidfcarr, Wordpress | 2 Rsvpmarker, Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.4.8. | ||||
| CVE-2025-31565 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSmartContracts WPSmartContracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through 2.0.10. | ||||
| CVE-2025-31613 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6. | ||||
| CVE-2025-31619 | 2 Marcoingraiti, Wordpress | 2 Actionwear Products Sync, Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3. | ||||