Export limit exceeded: 346387 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346387 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31422 | 2026-04-23 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4. | ||||
| CVE-2025-31419 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeix Churel churel allows DOM-Based XSS.This issue affects Churel: from n/a through <= 1.0.8. | ||||
| CVE-2025-31418 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel gravel allows Reflected XSS.This issue affects Gravel: from n/a through <= 1.6. | ||||
| CVE-2025-31417 | 2 Fahad Mahmood, Wordpress | 2 Wp Docs, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7. | ||||
| CVE-2025-31416 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through <= 2.8.4. | ||||
| CVE-2025-31415 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yayextra | 2026-04-23 | 7.6 High |
| Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2. | ||||
| CVE-2025-31414 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cost Calculator Builder: from n/a through <= 3.2.65. | ||||
| CVE-2025-31413 | 2 Bdthemes, Wordpress | 2 Element Pack Elementor Addons, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | ||||
| CVE-2025-31412 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows DOM-Based XSS.This issue affects JetProductGallery: from n/a through <= 2.1.22. | ||||
| CVE-2025-31411 | 2026-04-23 | 5.9 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12. | ||||
| CVE-2025-31410 | 2026-04-23 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation wp-church-donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through <= 1.7. | ||||
| CVE-2025-31409 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core bridge-core allows Stored XSS.This issue affects Bridge Core: from n/a through < 3.3.1. | ||||
| CVE-2025-31408 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in Zoho Flow Zoho Flow zoho-flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through <= 2.13.3. | ||||
| CVE-2025-31407 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger tiger allows Stored XSS.This issue affects Tiger: from n/a through <= 2.0. | ||||
| CVE-2025-31406 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through <= 2.3.9. | ||||
| CVE-2025-31405 | 2026-04-23 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare fami-woocommerce-compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through <= 1.0.5. | ||||
| CVE-2025-31404 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS.This issue affects AF Tell a Friend: from n/a through <= 1.4. | ||||
| CVE-2025-31403 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3. | ||||
| CVE-2025-31402 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller newsboard allows Stored XSS.This issue affects NewsBoard Post and RSS Scroller: from n/a through <= 1.2.12. | ||||
| CVE-2025-31401 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0. | ||||