Export limit exceeded: 347488 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347488 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12353 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2026-04-22 | 5.3 Medium |
| The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled. | ||||
| CVE-2025-9334 | 2 Codesolz, Wordpress | 2 Better Find And Replace, Wordpress | 2026-04-22 | 8.8 High |
| The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafar_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to call arbitrary plugin functions and execute code within those functions. | ||||
| CVE-2025-11805 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skipto' shortcode in all versions up to, and including, 1.4.4. This is due to insufficient input sanitization and output escaping on the 'time' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12018 | 2 Sourcefound, Wordpress | 2 Membershipworks, Wordpress | 2026-04-22 | 4.4 Medium |
| The MembershipWorks – Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-8397 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-11265 | 2 Kurudrive, Wordpress | 2 Vk All In One Expansion Unit, Wordpress | 2026-04-22 | 6.4 Medium |
| The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnit_cta_url' and 'vkExUnit_cta_button_text' parameters in all versions up to, and including, 9.112.1. This is due to a logic error in the CTA save function that reads sanitization callbacks from the wrong variable ($custom_field_name instead of $custom_field_options), causing the sanitization to never be applied. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that execute when a user accesses an injected page.", | ||||
| CVE-2025-11885 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.1 Medium |
| The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_ebnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-12160 | 2 N-media, Wordpress | 2 Simple User Registration, Wordpress | 2026-04-22 | 7.2 High |
| The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpr_admin_msg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9873 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 6.4 Medium |
| The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-0969 | 2 Brizy, Wordpress | 3 Brizy, Brizy-page Builder, Wordpress | 2026-04-22 | 6.5 Medium |
| The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including email addresses and hashed passwords of administrators. | ||||
| CVE-2025-11369 | 2 Wordpress, Wpdevteam | 2 Wordpress, Gutenberg Essential Blocks | 2026-04-22 | 4.3 Medium |
| The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the get_instagram_access_token_callback, google_map_api_key_save_callback and get_siteinfo functions in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with Author-level access and above, to view API keys configured for the external services. | ||||
| CVE-2025-10484 | 3 Fmeaddons, Woocommerce, Wordpress | 3 Registration And Login With Mobile Phone Number For Woocommerce, Woocommerce, Wordpress | 2026-04-22 | 9.8 Critical |
| The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password. | ||||
| CVE-2025-10753 | 2 Cyberlord92, Wordpress | 2 Oauth Single Sign On – Sso (oauth Client), Wordpress | 2026-04-22 | 5.3 Medium |
| The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' option parameter. This makes it possible for unauthenticated attackers to set the global redirect URL option via the redirect_url parameter granted they can access the site directly. | ||||
| CVE-2025-6792 | 2 Amentotechpvtltd, Wordpress | 2 One To One User Chat By Wpguppy, Wordpress | 2026-04-22 | 5.3 Medium |
| The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to intercept and view private chat messages between users. | ||||
| CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2026-04-22 | 8.8 High |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | ||||
| CVE-2016-20049 | 1 Varaneckas | 1 Jad Java Decompiler | 2026-04-22 | 9.8 Critical |
| JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context. | ||||
| CVE-2015-1427 | 2 Elastic, Redhat | 4 Elasticsearch, Fuse, Jboss Amq and 1 more | 2026-04-22 | 9.8 Critical |
| The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. | ||||
| CVE-2014-100005 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2026-04-22 | 8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. | ||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2026-04-22 | 6.5 Medium |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | ||||
| CVE-2026-33619 | 1 Pinchtab | 1 Pinchtab | 2026-04-22 | 4.1 Medium |
| PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to `POST /tasks` with a user-controlled `callbackUrl`, the v0.8.3 scheduler sends an outbound HTTP `POST` to that URL when the task reaches a terminal state. In that release, the webhook path validated only the URL scheme and did not reject loopback, private, link-local, or other non-public destinations. Because the v0.8.3 implementation also used the default HTTP client behavior, redirects were followed and the destination was not pinned to validated IPs. This allowed blind SSRF from the PinchTab server to attacker-chosen HTTP(S) targets reachable from the server. This issue is narrower than a general unauthenticated internet-facing SSRF. The scheduler is optional and off by default, and in token-protected deployments the attacker must already be able to submit tasks using the server's master API token. In PinchTab's intended deployment model, that token represents administrative control rather than a low-privilege role. Tokenless deployments lower the barrier further, but that is a separate insecure configuration state rather than impact created by the webhook bug itself. PinchTab's default deployment model is local-first and user-controlled, with loopback bind and token-based access in the recommended setup. That lowers practical risk in default use, even though it does not remove the underlying webhook issue when the scheduler is enabled and reachable. This was addressed in v0.8.4 by validating callback targets before dispatch, rejecting non-public IP ranges, pinning delivery to validated IPs, disabling redirect following, and validating `callbackUrl` during task submission. | ||||