Export limit exceeded: 346245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346245 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47671 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binary MLM Plan: from n/a through <= 3.0. | ||||
| CVE-2025-47670 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.6.10. | ||||
| CVE-2025-47669 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap cbxgooglemap allows DOM-Based XSS.This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through <= 1.1.12. | ||||
| CVE-2025-47668 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cookiecode CookieCode cookiecode allows Stored XSS.This issue affects CookieCode: from n/a through <= 2.4.4. | ||||
| CVE-2025-47667 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent liveagent allows Cross Site Request Forgery.This issue affects LiveAgent: from n/a through <= 4.4.7. | ||||
| CVE-2025-47666 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows Reflected XSS.This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7. | ||||
| CVE-2025-47665 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bistromatic N360 | Splash Screen n360-splash-screen allows Stored XSS.This issue affects N360 | Splash Screen: from n/a through <= 1.0.6. | ||||
| CVE-2025-47664 | 1 Thimpress | 1 Wp Pipes | 2026-04-23 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes wp-pipes allows Server Side Request Forgery.This issue affects WP Pipes: from n/a through <= 1.4.3. | ||||
| CVE-2025-47663 | 3 Hospital Management System, Hospital Management System Project, Wordpress | 3 Hospital Management System, Hospital Management System, Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). | ||||
| CVE-2025-47662 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox woobox allows Stored XSS.This issue affects Woobox: from n/a through <= 1.6. | ||||
| CVE-2025-47661 | 2026-04-23 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 pgall-for-woocommerce allows Cross Site Request Forgery.This issue affects 워드프레스 결제 심플페이: from n/a through <= 5.2.11. | ||||
| CVE-2025-47660 | 2026-04-23 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through <= 2.16. | ||||
| CVE-2025-47659 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through <= 1.0.4.3. | ||||
| CVE-2025-47658 | 3 Elextensions, Elula, Wordpress | 3 Elex Wordpress Plugin, Wsdesk, Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell to a Web Server.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.2.9. | ||||
| CVE-2025-47657 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce productive-commerce allows SQL Injection.This issue affects Productive Commerce: from n/a through <= 1.1.42. | ||||
| CVE-2025-47656 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiracle Themes Spiraclethemes Site Library spiraclethemes-site-library allows Stored XSS.This issue affects Spiraclethemes Site Library: from n/a through <= 1.5.4. | ||||
| CVE-2025-47655 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7. | ||||
| CVE-2025-47654 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.20. | ||||
| CVE-2025-47653 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall wp-recall allows PHP Local File Inclusion.This issue affects WP-Recall: from n/a through <= 16.26.14. | ||||
| CVE-2025-47652 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.13.4. | ||||