Export limit exceeded: 346222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31058 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player revolution_video_player allows Reflected XSS.This issue affects Revolution Video Player: from n/a through <= 2.9.2. | ||||
| CVE-2025-31057 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player elementor_widget_universal_video_player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 1.4.0. | ||||
| CVE-2025-31056 | 2026-04-23 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce WhatsCart-for-WooCommerce allows SQL Injection.This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through <= 1.1.0. | ||||
| CVE-2025-31055 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress electrician allows Reflected XSS.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 1.0. | ||||
| CVE-2025-31054 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through <= 2.0.8. | ||||
| CVE-2025-31053 | 2026-04-23 | 7.7 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Path Traversal.This issue affects KBx Pro Ultimate: from n/a through < 8.0.5. | ||||
| CVE-2025-31052 | 2026-04-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4. | ||||
| CVE-2025-31051 | 2 Engotheme, Wordpress | 2 Plant, Wordpress | 2026-04-23 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme plant allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through <= 1.0.0. | ||||
| CVE-2025-31050 | 2026-04-23 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal.This issue affects Apptha Slider Gallery: from n/a through <= 2.5. | ||||
| CVE-2025-31049 | 2026-04-23 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton Dash dash allows Object Injection.This issue affects Dash: from n/a through <= 1.3. | ||||
| CVE-2025-31048 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through <= 1.1.4. | ||||
| CVE-2025-31047 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Themify Themify Edmin edmin allows Object Injection.This issue affects Themify Edmin: from n/a through <= 2.0.0. | ||||
| CVE-2025-31046 | 2 Wordpress, Wpvibes | 2 Wordpress, Anywhere Elementor | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro anywhere-elementor-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through <= 2.29. | ||||
| CVE-2025-31045 | 2026-04-23 | 7.5 High | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget elfsight-contact-form allows Retrieve Embedded Sensitive Data.This issue affects elfsight Contact Form widget: from n/a through <= 2.3.1. | ||||
| CVE-2025-31044 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack premium-seo-pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through <= 3.3.2. | ||||
| CVE-2025-31043 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through <= 3.5.7. | ||||
| CVE-2025-31042 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in rtakao Sandwich Adsense firsth3tagadsense allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sandwich Adsense: from n/a through <= 4.0.2. | ||||
| CVE-2025-31041 | 2026-04-23 | 7.5 High | ||
| Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.0.4. | ||||
| CVE-2025-31040 | 2026-04-23 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion.This issue affects WP Food ordering and Restaurant Menu: from n/a through <= 2.7. | ||||
| CVE-2025-31039 | 2026-04-23 | 9.1 Critical | ||
| Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking.This issue affects Category Icon: from n/a through <= 1.0.3. | ||||