Export limit exceeded: 346568 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68039 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.1.0. | ||||
| CVE-2025-68038 | 2 Icegram, Wordpress | 2 Icegram Express, Wordpress | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14. | ||||
| CVE-2025-68036 | 2 Emraan Cheema, Wordpress | 2 Cubewp, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27. | ||||
| CVE-2025-68034 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.21. | ||||
| CVE-2025-68033 | 2 Brechtvds, Wordpress | 2 Custom Related Posts, Wordpress | 2026-04-23 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through <= 1.8.0. | ||||
| CVE-2025-68020 | 2 Wanotifier, Wordpress | 2 Wanotifier, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.13. | ||||
| CVE-2025-68017 | 2 Antideo, Wordpress | 2 Email Validator, Wordpress | 2026-04-23 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10. | ||||
| CVE-2025-68014 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through <= 3.2.26. | ||||
| CVE-2025-68013 | 3 Cardpaysolutions, Woocommerce, Wordpress | 3 Payment Gateway Authorize.net Cim For Woocommerce, Woocommerce, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through <= 2.1.2. | ||||
| CVE-2025-68009 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3. | ||||
| CVE-2025-68007 | 2 Eventespresso, Wordpress | 2 Event Espresso 4 Decaf, Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf. | ||||
| CVE-2025-68003 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10. | ||||
| CVE-2025-68001 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0. | ||||
| CVE-2025-67999 | 2 Stefanno Lissa, Wordpress | 2 Newsletter, Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9. | ||||
| CVE-2025-67989 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3. | ||||
| CVE-2025-67986 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through <= 1.1.7. | ||||
| CVE-2025-67985 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through <= 1.1.7. | ||||
| CVE-2025-67965 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through <= 2.4.3. | ||||
| CVE-2024-10242 | 1 Wso2 | 2 Api Manager, Wso2 Api Manager | 2026-04-23 | 6.1 Medium |
| The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking. | ||||
| CVE-2025-67962 | 2 Aioseo, Wordpress | 2 Broken Link Checker, Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6. | ||||