Export limit exceeded: 347031 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347031 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347031 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26005 | 2026-04-28 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush: from n/a through 1.3.4. | ||||
| CVE-2023-25998 | 2026-04-28 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: from n/a through 2.6. | ||||
| CVE-2023-25999 | 2026-04-28 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n/a through 2.4. | ||||
| CVE-2023-26000 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1. | ||||
| CVE-2023-25985 | 1 Tooltips | 1 Wordpress Tooltips | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through 8.2.5. | ||||
| CVE-2023-25994 | 1 Publish To Schedule Project | 1 Publish To Schedule | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions. | ||||
| CVE-2023-25983 | 1 Logon | 1 Kb Support | 2026-04-28 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | ||||
| CVE-2023-25995 | 2026-04-28 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. This issue affects AI Mortgage Calculator: from n/a through 1.0.1. | ||||
| CVE-2023-25990 | 1 Themeum | 1 Tutor Lms | 2026-04-28 | 7.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | ||||
| CVE-2023-25993 | 2 Webberzone, Wordpress | 2 Top 10, Wordpress | 2026-04-28 | 4.3 Medium |
| Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3. | ||||
| CVE-2023-25988 | 2026-04-28 | 7.5 High | ||
| Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6. | ||||
| CVE-2023-25800 | 1 Themeum | 1 Tutor Lms | 2026-04-28 | 8.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | ||||
| CVE-2023-25959 | 2 Apollo13themes, Wordpress | 2 Apollo13 Framework Extensions, Wordpress | 2026-04-28 | 5.4 Medium |
| Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10. | ||||
| CVE-2023-25965 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.9 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0. | ||||
| CVE-2023-25966 | 1 Ninjateam | 1 Filebird | 2026-04-28 | 5.5 Medium |
| Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4. | ||||
| CVE-2023-25970 | 1 Zendrop | 1 Zendrop | 2026-04-28 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
| CVE-2023-25975 | 1 Etsy Shop Project | 1 Etsy Shop | 2026-04-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions. | ||||
| CVE-2023-25960 | 1 Zendrop | 1 Zendrop | 2026-04-28 | 10 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
| CVE-2023-25785 | 2026-04-28 | 5.3 Medium | ||
| Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. | ||||
| CVE-2023-25790 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-28 | 5.3 Medium |
| Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. | ||||