Export limit exceeded: 347167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54743 | 2 Mkscripts, Wordpress | 2 Download After Email, Wordpress | 2026-04-29 | 5.8 Medium |
| Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6. | ||||
| CVE-2025-58595 | 2 Saad Iqbal, Wordpress | 2 All In One Login, Wordpress | 2026-04-29 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8. | ||||
| CVE-2025-39451 | 2026-04-29 | 7.5 High | ||
| Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16. | ||||
| CVE-2025-53988 | 2 Crocoblock, Wordpress | 2 Jettabs For Elementor, Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18. | ||||
| CVE-2025-48261 | 1 Multivendorx | 1 Multivendorx | 2026-04-29 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue affects MultiVendorX: from n/a through <= 4.2.22. | ||||
| CVE-2025-49433 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS.This issue affects Supermalink: from n/a through <= 1.1. | ||||
| CVE-2025-53987 | 2 Crocoblock, Wordpress | 2 Jetelements, Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1. | ||||
| CVE-2025-53319 | 2 Raptive, Wordpress | 2 Raptive Ads, Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS.This issue affects Raptive Ads: from n/a through <= 3.8.0. | ||||
| CVE-2025-53983 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7. | ||||
| CVE-2025-53985 | 2 Crocoblock, Wordpress | 2 Jettabs, Wordpress | 2026-04-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data.This issue affects JetTabs: from n/a through <= 2.2.9. | ||||
| CVE-2025-53348 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalium: from n/a through <= 3.18.3. | ||||
| CVE-2025-48147 | 2026-04-29 | 6.5 Medium | ||
| Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through <= 2.1.2. | ||||
| CVE-2025-47541 | 2026-04-29 | 7.5 High | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7. | ||||
| CVE-2025-47682 | 1 Cozyvision | 1 Sms Alert Order Notifications | 2026-04-29 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.1. | ||||
| CVE-2025-39562 | 1 Codepeople | 1 Payment Form For Paypal Pro | 2026-04-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through <= 1.1.72. | ||||
| CVE-2025-49919 | 2 Wordpress, Wpcenter | 2 Wordpress, Eroom | 2026-04-29 | 5.8 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6. | ||||
| CVE-2025-49454 | 2026-04-29 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through < 3.10.0. | ||||
| CVE-2025-47438 | 1 Wpjobportal | 1 Wp Job Portal | 2026-04-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.3.1. | ||||
| CVE-2025-47618 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Reflected XSS.This issue affects BMI Adult & Kid Calculator: from n/a through <= 1.2.2. | ||||
| CVE-2025-49437 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS.This issue affects WP LOL Rotation: from n/a through <= 1.0. | ||||