Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62923 | 3 Debuggers Studio, Elementor, Wordpress | 3 Marquee Addons For Elementor, Elementor, Wordpress | 2026-04-15 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio Marquee Addons for Elementor marquee-addons-for-elementor allows DOM-Based XSS.This issue affects Marquee Addons for Elementor: from n/a through <= 3.8.2. | ||||
| CVE-2025-62931 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9. | ||||
| CVE-2025-62935 | 3 Ilmosys, Woocommerce, Wordpress | 3 Open Close Woocommerce Store, Woocommerce, Wordpress | 2026-04-15 | 8.1 High |
| Missing Authorization vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9. | ||||
| CVE-2025-62938 | 2 Reoon Technology, Wordpress | 2 Reoon Email Verifier, Wordpress | 2026-04-15 | 8.1 High |
| Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through <= 2.0.1. | ||||
| CVE-2024-54352 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through <= 1.5.2. | ||||
| CVE-2024-54354 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in beat.k Termin-Kalender termin-kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through <= 0.99.47. | ||||
| CVE-2024-54359 | 2 Saul Morales Pacheco, Wordpress | 2 Banner System, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through <= 1.0.0. | ||||
| CVE-2024-54361 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2. | ||||
| CVE-2024-54373 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gardenberg EduAdmin Booking eduadmin-booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through <= 5.2.0. | ||||
| CVE-2024-54375 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Woolook woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through <= 1.7.0. | ||||
| CVE-2024-54401 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through <= 1.1.1. | ||||
| CVE-2024-3664 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author. | ||||
| CVE-2024-54402 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6. | ||||
| CVE-2024-54404 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar mdc-comment-toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through <= 1.1. | ||||
| CVE-2024-54409 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in fzmaster XPD Reduce Image Filesize xpd-reduce-image-filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through <= 1.0. | ||||
| CVE-2024-54418 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. DTC Documents dtc-documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through <= 1.1.05. | ||||
| CVE-2024-54419 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through <= 1.1. | ||||
| CVE-2025-12629 | 2 K-78, Wordpress | 2 Broken Link Manager, Wordpress | 2026-04-15 | 7.1 High |
| The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-5456 | 3 Panda Video, Pandavideo, Wordpress | 3 Panda Video, Panda Video, Wordpress | 2026-04-15 | 8.8 High |
| The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-37096 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1. | ||||