Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28984 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1. | ||||
| CVE-2025-28983 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect click-pledge-connect allows Privilege Escalation.This issue affects Click & Pledge Connect: from n/a through <= 25.04010101-WP6.8. | ||||
| CVE-2025-28982 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes wp-pipes allows SQL Injection.This issue affects WP Pipes: from n/a through <= 1.4.3. | ||||
| CVE-2025-28981 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS.This issue affects WP Mail Options: from n/a through <= 0.2.3. | ||||
| CVE-2025-28980 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2. | ||||
| CVE-2025-28979 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes wp-pipes allows PHP Local File Inclusion.This issue affects WP Pipes: from n/a through <= 1.4.3. | ||||
| CVE-2025-28978 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs sb-breadcrumbs allows Reflected XSS.This issue affects SB Breadcrumbs: from n/a through <= 1.0. | ||||
| CVE-2025-28977 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes wp-pipes allows Reflected XSS.This issue affects WP Pipes: from n/a through <= 1.4.3. | ||||
| CVE-2025-28976 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dsrodzin Email Address Security by WebEmailProtector webemailprotector allows Stored XSS.This issue affects Email Address Security by WebEmailProtector: from n/a through <= 3.3.6. | ||||
| CVE-2025-28975 | 2 Redqteam, Wordpress | 2 Alike Wordpress Custom Post Comparison, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1. | ||||
| CVE-2025-28974 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0. | ||||
| CVE-2025-28973 | 2 Aa-team, Wordpress | 2 Pro Bulk Watermark Plugin, Wordpress | 2026-04-23 | N/A |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0. | ||||
| CVE-2025-28972 | 2026-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through <= 3.5. | ||||
| CVE-2025-28971 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CWD Web Designer Easy Elements Hider easy-elements-hider allows Stored XSS.This issue affects Easy Elements Hider: from n/a through <= 2.0. | ||||
| CVE-2025-28970 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6. | ||||
| CVE-2025-28969 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget gallery-widget allows SQL Injection.This issue affects Gallery Widget: from n/a through <= 1.2.1. | ||||
| CVE-2025-28968 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac WP Wall wp-wall allows Reflected XSS.This issue affects WP Wall: from n/a through <= 1.7.3. | ||||
| CVE-2025-28967 | 2026-04-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE contact-us-page-contact-people allows SQL Injection.This issue affects Contact Us page - Contact people LITE: from n/a through <= 3.7.4. | ||||
| CVE-2025-28966 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1. | ||||
| CVE-2025-28965 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.6 High |
| Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a through <= 3.0.7. | ||||