Export limit exceeded: 346386 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346386 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39499 | 2026-04-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in BoldThemes Medicare medicare allows Object Injection.This issue affects Medicare: from n/a through <= 2.1.0. | ||||
| CVE-2025-39498 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) spotlight-social-photo-feeds-premium allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Media Feeds (Premium): from n/a through <= 1.7.1. | ||||
| CVE-2025-39497 | 2 Dokan, Wordpress | 2 Dokan Pro Plugin, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro dokan-pro allows Stored XSS.This issue affects Dokan Pro: from n/a through <= 3.14.5. | ||||
| CVE-2025-39496 | 2026-04-23 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro woofilter-pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a through < 2.9.6. | ||||
| CVE-2025-39495 | 2026-04-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in BoldThemes Avantage avantage allows Object Injection.This issue affects Avantage: from n/a through <= 2.4.9. | ||||
| CVE-2025-39494 | 1 Qodeinteractive | 1 Wilmer | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2. | ||||
| CVE-2025-39493 | 1 Valvepress | 1 Rankie | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2. | ||||
| CVE-2025-39492 | 2026-04-23 | 7.5 High | ||
| Path Traversal: '.../...//' vulnerability in WHMPress WHMpress whmpress allows Relative Path Traversal.This issue affects WHMpress: from n/a through <= 6.2-revision-9. | ||||
| CVE-2025-39491 | 2026-04-23 | 8.1 High | ||
| Path Traversal: '.../...//' vulnerability in WHMPress WHMpress whmpress allows Path Traversal.This issue affects WHMpress: from n/a through <= 6.2-revision-9. | ||||
| CVE-2025-39490 | 2 Qodeinteractive, Wordpress | 2 Backpack Traveler, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2. | ||||
| CVE-2025-39489 | 2026-04-23 | 9.8 Critical | ||
| Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL: from n/a through <= 4.5.0. | ||||
| CVE-2025-39488 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne magone allows Reflected XSS.This issue affects MagOne: from n/a through <= 8.8. | ||||
| CVE-2025-39487 | 1 Valvepress | 1 Rankie | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie valvepress-rankie allows Reflected XSS.This issue affects Rankie: from n/a through <= 1.8.2. | ||||
| CVE-2025-39486 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie valvepress-rankie allows SQL Injection.This issue affects Rankie: from n/a through < 1.8.2. | ||||
| CVE-2025-39485 | 1 Themegoods | 1 Grand Tour | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue affects Grand Tour: from n/a through <= 5.6. | ||||
| CVE-2025-39484 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada entrada allows SQL Injection.This issue affects Entrada: from n/a through <= 5.7.7. | ||||
| CVE-2025-39483 | 2 Imithemes, Wordpress | 2 Eventer, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through < 3.9.9.1. | ||||
| CVE-2025-39482 | 1 Imithemes | 1 Eventer | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4. | ||||
| CVE-2025-39481 | 1 Imithemes | 1 Eventer | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Blind SQL Injection.This issue affects Eventer: from n/a through < 3.11.4. | ||||
| CVE-2025-39480 | 2026-04-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer cardealer allows Object Injection.This issue affects Car Dealer: from n/a through < 1.6.8. | ||||