Export limit exceeded: 344155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75443 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75443 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68852 | 2 Webmuehle, Wordpress | 2 Court Reservation, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.11. | ||||
| CVE-2025-68601 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8. | ||||
| CVE-2025-68595 | 2 Trustindex, Wordpress | 2 Widgets For Social Photo Feed, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8. | ||||
| CVE-2025-68594 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.0. | ||||
| CVE-2025-68591 | 2 Mitchell Bennis, Wordpress | 2 Simple File List, Wordpress | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18. | ||||
| CVE-2025-68589 | 2 Wordpress, Wpsocio | 2 Wordpress, Wp Telegram Widget And Join Link | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12. | ||||
| CVE-2025-68588 | 2 Total-soft, Wordpress | 2 Ts Poll, Wordpress | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5. | ||||
| CVE-2025-68586 | 2 Goratech, Wordpress | 2 Cooked, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.3. | ||||
| CVE-2025-68575 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through <= 2.7.6. | ||||
| CVE-2025-68571 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through <= 3.9.0. | ||||
| CVE-2025-68569 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39. | ||||
| CVE-2025-68568 | 2 Popup Builder, Wordpress | 2 Popup Builder, Wordpress | 2026-04-01 | 7.5 High |
| Missing Authorization vulnerability in Claspo Popup Builders Claspo – Popups, Spin the Wheel & Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Claspo – Popups, Spin the Wheel & Email Capture: from n/a through <= 1.0.7. | ||||
| CVE-2025-68567 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.33. | ||||
| CVE-2025-68069 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-04-01 | 7.1 High |
| Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6. | ||||
| CVE-2025-68056 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows SQL Injection.This issue affects LBG Zoominoutslider: from n/a through <= 5.4.4. | ||||
| CVE-2025-68047 | 2 Arraytics, Wordpress | 2 Eventin, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.3. | ||||
| CVE-2025-64634 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2. | ||||
| CVE-2025-64284 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.0.7. | ||||
| CVE-2025-63074 | 2 Dream-theme, Wordpress | 2 The7, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through < 12.8.1.1. | ||||
| CVE-2025-63057 | 2 Roxnor, Wordpress | 2 Wp Ultimate Review, Wordpress | 2026-04-01 | 8.2 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.7. | ||||