Export limit exceeded: 11824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52810 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. | ||||
| CVE-2025-52811 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2025-52814 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.7. | ||||
| CVE-2025-52815 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects CityGov: from n/a through <= 1.9. | ||||
| CVE-2025-52817 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2. | ||||
| CVE-2025-52818 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1. | ||||
| CVE-2025-62998 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7. | ||||
| CVE-2025-52824 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3. | ||||
| CVE-2025-52823 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through <= 1.16.8. | ||||
| CVE-2025-52828 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through <= 3.8. | ||||
| CVE-2025-63039 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9. | ||||
| CVE-2025-52834 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a through <= 2.4.7. | ||||
| CVE-2025-52835 | 2 Conoha By Gmo, Wordpress | 2 Wing Wordpress Migrator, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through <= 1.2.0. | ||||
| CVE-2025-52836 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. | ||||
| CVE-2025-6326 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through <= 1.18.0. | ||||
| CVE-2025-6382 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render() method takes the user-supplied name attribute and injects it directly into a <script> tag - both in the id attribute and inside jQuery.getScript() - without proper escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9219 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_post_smtp_pro_option_callback' function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable pro extensions. | ||||
| CVE-2023-34014 | 2 G5theme, Wordpress | 2 Grid-plus, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2. | ||||
| CVE-2025-6385 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-64189 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6. | ||||