Export limit exceeded: 346275 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346275 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346275 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46435 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting time-based-greeting allows Stored XSS.This issue affects Time Based Greeting: from n/a through <= 2.2.2. | ||||
| CVE-2025-46434 | 3 Elementor, Posimyth, Wordpress | 3 Elementor, The Plus Addons For Elementor, Wordpress | 2026-04-23 | N/A |
| Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7. | ||||
| CVE-2025-46264 | 2026-04-23 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in blubrry PowerPress Podcasting powerpress allows Upload a Web Shell to a Web Server.This issue affects PowerPress Podcasting: from n/a through <= 11.12.5. | ||||
| CVE-2025-46263 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts author-box-after-posts allows Stored XSS.This issue affects Author Box After Posts: from n/a through <= 1.6. | ||||
| CVE-2025-46262 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress mad-mimi allows Stored XSS.This issue affects Mad Mimi for WordPress: from n/a through <= 1.5.1. | ||||
| CVE-2025-46261 | 1 Castos | 1 Seriously Simple Podcasting | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.9.0. | ||||
| CVE-2025-46260 | 2 Wordpress, Wowdevs | 2 Wordpress, Sky Addons For Elementor | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through <= 3.0.1. | ||||
| CVE-2025-46259 | 2026-04-23 | 5.4 Medium | ||
| Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro theplus_elementor_addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through < 6.3.7. | ||||
| CVE-2025-46258 | 2026-04-23 | 5.4 Medium | ||
| Missing Authorization vulnerability in BdThemes Element Pack Pro bdthemes-element-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a through < 8.0.0. | ||||
| CVE-2025-46257 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro bdthemes-element-pack allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a through < 8.0.0. | ||||
| CVE-2025-46256 | 2 Sigmaplugin, Wordpress | 2 Advanced Database Cleaner, Wordpress | 2026-04-23 | 6.4 Medium |
| Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO advanced-database-cleaner-pro allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through <= 3.2.10. | ||||
| CVE-2025-46255 | 2 Marketing Fire, Wordpress | 2 Loginwp, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro loginwp-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through <= 4.0.8.5. | ||||
| CVE-2025-46254 | 1 Visualcomposer | 1 Visual Composer Website Builder | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through <= 45.10.0. | ||||
| CVE-2025-46253 | 1 Wpmet | 1 Gutenkit | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS.This issue affects GutenKit: from n/a through <= 2.2.2. | ||||
| CVE-2025-46252 | 1 Kofimokome | 1 Message Filter For Contact Form 7 | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows SQL Injection.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.2. | ||||
| CVE-2025-46251 | 1 E4jconnect | 1 Vikrestaurants Table Reservations And Take-away | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Cross Site Request Forgery.This issue affects VikRestaurants: from n/a through <= 1.3.3. | ||||
| CVE-2025-46250 | 1 Vikasratudi | 1 Lifetime Free Drag \& Drop Contact Form Builder | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Stored XSS.This issue affects VPSUForm: from n/a through <= 3.1.14. | ||||
| CVE-2025-46249 | 1 Migaweb | 1 Simple Calendar For Elementor | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through <= 1.6.4. | ||||
| CVE-2025-46248 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows SQL Injection.This issue affects Frontend Dashboard: from n/a through <= 2.2.5. | ||||
| CVE-2025-46247 | 1 Codepeople | 1 Appointment Booking Calendar | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. | ||||