Export limit exceeded: 11910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66113 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through <= 1.2.18. | ||||
| CVE-2025-52761 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through <= 1.4.0. | ||||
| CVE-2025-52765 | 2 Lisensee, Wordpress | 2 Netinsight Analytics Implementation Plugin, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3. | ||||
| CVE-2025-52767 | 2 Lisensee, Wordpress | 2 Netinsight Analytics Implementation Plugin, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3. | ||||
| CVE-2025-6679 | 2 Bitpressadmin, Wordpress | 2 Contact Form By Bit Form Multi Step Form, Wordpress | 2026-04-15 | 9.8 Critical |
| The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. For this to be exploitable, the PRO version needs to be installed and activated as well. Additionally a form with an advanced file upload element needs to be published. | ||||
| CVE-2025-8091 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2025-24766 | 2 Wordpress, Wp-royal-themes | 2 Wordpress, News Magazine X | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion.This issue affects News Magazine X: from n/a through <= 1.2.37. | ||||
| CVE-2025-52801 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TheBooking: from n/a through <= 1.4.4. | ||||
| CVE-2025-52805 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion.This issue affects Leyka: from n/a through <= 3.32.1. | ||||
| CVE-2025-52826 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-52796 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14. | ||||
| CVE-2025-9196 | 2 Sergiotrinity, Wordpress | 2 Trinity Audio, Wordpress | 2026-04-15 | 5.3 Medium |
| The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data. | ||||
| CVE-2025-28887 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery.This issue affects Plugins Last Updated Column: from n/a through <= 0.1.3. | ||||
| CVE-2025-60235 | 3 Plugify, Woocommerce, Wordpress | 3 Helpdesk Support Ticket System For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Support Ticket System for WooCommerce (Premium): from n/a through <= 2.0.7. | ||||
| CVE-2025-53261 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live wp-youtube-live allows Cross Site Request Forgery.This issue affects WP YouTube Live: from n/a through <= 1.10.0. | ||||
| CVE-2025-58986 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a through <= 6.0.4. | ||||
| CVE-2025-53295 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through <= 2.0.7. | ||||
| CVE-2025-11271 | 2 Smub, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-04-15 | 5.3 Medium |
| The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is attacker-supplied, an unauthenticated actor can submit a forged IPN and have it treated as verified, even on production sites and with verification otherwise enabled. A valid PayPal transaction id is needed, restricting order manipulation to orders placed by the attacker. This, in turn, requires them to have a customer account. | ||||
| CVE-2025-53299 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer tmm_content_composer allows Object Injection.This issue affects ThemeMakers Visual Content Composer: from n/a through <= 1.5.8. | ||||
| CVE-2025-53303 | 2 Thememove, Wordpress | 2 Core, Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core thememove-core allows Object Injection.This issue affects ThemeMove Core: from n/a through <= 1.4.2. | ||||