Export limit exceeded: 347095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58967 | 2 Thememove, Wordpress | 2 Businext, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4. | ||||
| CVE-2025-58963 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | ||||
| CVE-2025-58959 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through <= 6.4. | ||||
| CVE-2025-58958 | 2 Thememove, Wordpress | 2 Smilepure, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5. | ||||
| CVE-2025-58951 | 2 Smartcmsmarket, Wordpress | 2 Advance Seat Reservation Management For Woocommerce, Wordpress | 2026-04-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Injection.This issue affects Advance Seat Reservation Management for WooCommerce: from n/a through <= 3.1. | ||||
| CVE-2025-58946 | 2 Axiomthemes, Wordpress | 2 Vocal, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Vocal: from n/a through <= 1.12. | ||||
| CVE-2025-58947 | 2 Axiomthemes, Wordpress | 2 Athos, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through <= 1.9. | ||||
| CVE-2025-58945 | 2 Axiomthemes, Wordpress | 2 Ecogrow, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects EcoGrow: from n/a through <= 1.7. | ||||
| CVE-2025-58944 | 2 Axiomthemes, Wordpress | 2 Manufactory, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue affects Manufactory: from n/a through <= 1.4. | ||||
| CVE-2025-69385 | 2 Agnihd, Wordpress | 2 Cartify - Woocommerce Gutenberg Wordpress Theme, Wordpress | 2026-04-27 | 6.5 Medium |
| Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2025-69378 | 2 Wordpress, Xforwoocommerce | 2 Wordpress, Product Filter For Woocommerce | 2026-04-27 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2. | ||||
| CVE-2025-68996 | 2 Webcodingplace, Wordpress | 2 Responsive Posts Carousel Plugin, Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1. | ||||
| CVE-2025-68980 | 2 Designthemes, Wordpress | 2 Wedesigntech-portfolio, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2. | ||||
| CVE-2025-68608 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.5 High |
| Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9. | ||||
| CVE-2025-68603 | 2 Marketing Fire, Wordpress | 2 Editorial Calendar, Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8. | ||||
| CVE-2025-68601 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-04-27 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8. | ||||
| CVE-2025-68600 | 2 Wordpress, Ylefebvre | 2 Wordpress, Link Library | 2026-04-27 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.7. | ||||
| CVE-2025-68595 | 2 Trustindex, Wordpress | 2 Widgets For Social Photo Feed, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8. | ||||
| CVE-2025-68594 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.0. | ||||
| CVE-2025-68593 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1. | ||||