Export limit exceeded: 346260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346260 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26979 | 2026-04-23 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.9.0. | ||||
| CVE-2025-26978 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through <= 6.5.8. | ||||
| CVE-2025-26977 | 1 Ninjateam | 1 Filebird | 2026-04-23 | 3.8 Low |
| Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through <= 6.4.2.1. | ||||
| CVE-2025-26976 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.4. | ||||
| CVE-2025-26975 | 2026-04-23 | 5.3 Medium | ||
| Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Strong Testimonials: from n/a through <= 3.2.3. | ||||
| CVE-2025-26974 | 2026-04-23 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.1. | ||||
| CVE-2025-26973 | 1 Warfareplugins | 1 Social Warfare | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare social-warfare allows DOM-Based XSS.This issue affects Social Warfare: from n/a through <= 4.5.5. | ||||
| CVE-2025-26972 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | ||||
| CVE-2025-26971 | 1 Ays-pro | 1 Poll Maker | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.This issue affects Poll Maker: from n/a through <= 5.6.5. | ||||
| CVE-2025-26970 | 1 Arktheme | 1 The Ark | 2026-04-23 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a through < 1.71.0. | ||||
| CVE-2025-26969 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.3 High |
| Missing Authorization vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | ||||
| CVE-2025-26968 | 2026-04-23 | 7.5 High | ||
| Missing Authorization vulnerability in webbernaut Cloak Front End Email cloak-front-end-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloak Front End Email: from n/a through <= 1.9.5. | ||||
| CVE-2025-26967 | 1 Wpgeodirectory | 1 Events Calendar* | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory events-for-geodirectory allows Object Injection.This issue affects Events Calendar for GeoDirectory: from n/a through <= 2.3.14. | ||||
| CVE-2025-26966 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | ||||
| CVE-2025-26964 | 2 Themewinter, Wordpress | 2 Eventin, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.0.20. | ||||
| CVE-2025-26963 | 1 Flowdee | 1 Clickwhale | 2026-04-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.This issue affects ClickWhale: from n/a through <= 2.4.3. | ||||
| CVE-2025-26962 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through <= 1.1.25. | ||||
| CVE-2025-26961 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.6 High |
| Missing Authorization vulnerability in FRESHFACE Fresh Framework fresh-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Fresh Framework: from n/a through <= 1.70.0. | ||||
| CVE-2025-26960 | 2026-04-23 | 6.5 Medium | ||
| Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small Package Quotes – Unishippers Edition: from n/a through <= 2.4.9. | ||||
| CVE-2025-26959 | 2026-04-23 | 8.8 High | ||
| Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24. | ||||