Export limit exceeded: 344767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344767 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22532 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Simple Photo Sphere simple-photo-sphere allows Stored XSS.This issue affects Simple Photo Sphere: from n/a through <= 0.0.10. | ||||
| CVE-2025-22533 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bulktheme WOOEXIM wooexim allows SQL Injection.This issue affects WOOEXIM: from n/a through <= 5.0.0. | ||||
| CVE-2025-22534 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Ella Van Durpe Slides & Presentations slide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through <= 0.0.39. | ||||
| CVE-2025-22536 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through <= 1.3. | ||||
| CVE-2025-2727 | 2026-04-15 | 8 High | ||
| A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2024-8667 | 2026-04-15 | 4.3 Medium | ||
| The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for authenticated attackers, with contributor-level access and above, to publish arbitrary posts like ones they have submitted for review, or a site administrator has in draft. | ||||
| CVE-2025-22537 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route google-maps-travel-route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through <= 1.3.1. | ||||
| CVE-2025-27275 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale woo-codice-fiscale allows Reflected XSS.This issue affects WOO Codice Fiscale: from n/a through <= 1.6.3. | ||||
| CVE-2024-9830 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-22538 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0. | ||||
| CVE-2024-8985 | 2026-04-15 | 6.4 Medium | ||
| The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-8990 | 2 Cyberhobo, Wordpress | 2 Geo Mashup, Wordpress | 2026-04-15 | 6.4 Medium |
| The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22539 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through <= 2.1.34. | ||||
| CVE-2025-27280 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through <= 1.0.2. | ||||
| CVE-2025-32029 | 2026-04-15 | N/A | ||
| ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop. The issue is patched in version 1.0.4. If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1. | ||||
| CVE-2025-22540 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through <= 1.4.1. | ||||
| CVE-2025-27281 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu all-in-menu allows Blind SQL Injection.This issue affects All In Menu: from n/a through <= 1.1.5. | ||||
| CVE-2025-22542 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through <= 1.0.0. | ||||
| CVE-2025-27289 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Guillien Restrict Taxonomies restrict-taxonomies allows Reflected XSS.This issue affects Restrict Taxonomies: from n/a through <= 1.3.3. | ||||
| CVE-2024-9272 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||