Export limit exceeded: 345798 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345798 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32255 | 2 Era404, Wordpress | 2 Stafflist, Wordpress | 2026-04-15 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data.This issue affects StaffList: from n/a through <= 3.2.7. | ||||
| CVE-2025-32256 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in devsoftbaltic SurveyJS surveyjs allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SurveyJS: from n/a through <= 1.12.20. | ||||
| CVE-2025-32257 | 2026-04-15 | N/A | ||
| Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7. | ||||
| CVE-2025-32258 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in InfoGiants Simple Website Logo simple-website-logo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Website Logo: from n/a through <= 1.1. | ||||
| CVE-2025-32259 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Alimir WP ULike wp-ulike.This issue affects WP ULike: from n/a through <= 4.7.9.1. | ||||
| CVE-2025-32260 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor.This issue affects DethemeKit For Elementor: from n/a through <= 2.1.10. | ||||
| CVE-2025-32261 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight wp-spotlight-search allows Cross Site Request Forgery.This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through <= 1.1.1. | ||||
| CVE-2025-32265 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.3.9. | ||||
| CVE-2025-32266 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 404 Image Redirection (Replace Broken Images) broken-images-redirection allows Cross Site Request Forgery.This issue affects 404 Image Redirection (Replace Broken Images): from n/a through <= 1.4. | ||||
| CVE-2025-32406 | 2026-04-15 | 8.6 High | ||
| An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response. | ||||
| CVE-2025-32285 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Butcher butcher allows Reflected XSS.This issue affects Butcher: from n/a through < 2.54. | ||||
| CVE-2025-32286 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher butcher allows PHP Local File Inclusion.This issue affects Butcher: from n/a through <= 2.40. | ||||
| CVE-2025-32289 | 2026-04-15 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi yozi allows PHP Local File Inclusion.This issue affects Yozi: from n/a through <= 2.0.63. | ||||
| CVE-2025-32291 | 2 Fantasticplugins, Wordpress | 2 Sumo Affiliates Pro, Wordpress | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files.This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0. | ||||
| CVE-2025-32292 | 2026-04-15 | N/A | ||
| Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress jarvis allows Object Injection.This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through <= 1.8.11. | ||||
| CVE-2025-32293 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through <= 2.8. | ||||
| CVE-2025-32294 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Oxpitan oxpitan allows PHP Local File Inclusion.This issue affects Oxpitan: from n/a through <= 1.3.5. | ||||
| CVE-2025-32295 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in wordpresschef Salon Booking Pro salon-booking-plugin-pro-cc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salon Booking Pro: from n/a through <= 10.10.2. | ||||
| CVE-2025-32297 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1. | ||||
| CVE-2025-32298 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue affects CTUsers: from n/a through <= 1.0.0. | ||||