Export limit exceeded: 346192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346192 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39357 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System hospital-management allows SQL Injection.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). | ||||
| CVE-2025-39355 | 1 Roninwp | 1 Fat Services Booking | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking allows SQL Injection.This issue affects FAT Services Booking: from n/a through <= 5.6. | ||||
| CVE-2025-39351 | 1 Themegoods | 1 Grand Restaurant | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Cross Site Request Forgery.This issue affects Grand Restaurant: from n/a through <= 7.0. | ||||
| CVE-2025-39352 | 1 Themegoods | 1 Grand Restaurant | 2026-04-23 | 8.2 High |
| Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0. | ||||
| CVE-2025-3701 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner wp-malware-removal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through <= 16.8. | ||||
| CVE-2025-32691 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.12.6. | ||||
| CVE-2025-32928 | 1 Themegoods | 1 Altair | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through <= 5.2.2. | ||||
| CVE-2025-3704 | 2026-04-23 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets pta-volunteer-sign-up-sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a through < 5.5.5. | ||||
| CVE-2025-3703 | 2 Wipeoutmedia, Wordpress | 2 Css & Javascript Toolbox, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion.This issue affects CSS & JavaScript Toolbox: from n/a through < 12.0.3. | ||||
| CVE-2025-32920 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0. | ||||
| CVE-2025-3702 | 2 Melapress, Wordpress | 2 Melapress File Monitor, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0. | ||||
| CVE-2025-32925 | 1 Fantasticplugins | 1 Sumo Reward Points | 2026-04-23 | 8.3 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through <= 30.7.0. | ||||
| CVE-2025-32686 | 2026-04-23 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through <= 3.4.4. | ||||
| CVE-2025-32693 | 1 Webinarpress | 1 Webinarpress | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing.This issue affects WebinarPress: from n/a through <= 1.33.28. | ||||
| CVE-2025-39348 | 1 Themegoods | 1 Grand Restaurant | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0. | ||||
| CVE-2025-32687 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection.This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0. | ||||
| CVE-2025-32927 | 1 Chimpgroup | 1 Foodbakery | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery wp-foodbakery allows Object Injection.This issue affects FoodBakery: from n/a through <= 3.3. | ||||
| CVE-2025-32695 | 2026-04-23 | 9.8 Critical | ||
| Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through <= 8.7.5. | ||||
| CVE-2025-32690 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.12.5. | ||||
| CVE-2025-32929 | 2026-04-23 | 7.5 High | ||
| Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.4. | ||||