Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24538 | 2026-04-23 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10. | ||||
| CVE-2025-24537 | 2026-04-23 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0. | ||||
| CVE-2025-24536 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThriveDesk ThriveDesk thrivedesk allows Reflected XSS.This issue affects ThriveDesk: from n/a through <= 2.0.6. | ||||
| CVE-2025-24535 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Donation skt-donation allows Reflected XSS.This issue affects SKT Donation: from n/a through <= 1.9. | ||||
| CVE-2025-24534 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dinamiko DPortfolio dportfolio allows Reflected XSS.This issue affects DPortfolio: from n/a through <= 2.0. | ||||
| CVE-2025-24533 | 2026-04-23 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Cross Site Request Forgery.This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.92.0. | ||||
| CVE-2025-24001 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ngô Thắng IT PPO Call To Actions ppo-call-to-actions allows Cross Site Request Forgery.This issue affects PPO Call To Actions: from n/a through <= 0.1.3. | ||||
| CVE-2025-24000 | 2 Wordpress, Wpexperts | 2 Wordpress, Post Smtp | 2026-04-23 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through <= 3.2.0. | ||||
| CVE-2025-23999 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.13. | ||||
| CVE-2025-23998 | 1 Rarathemes | 1 The Ultralight | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through <= 1.2. | ||||
| CVE-2025-23997 | 2026-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tamara Solution Tamara Checkout tamara-checkout allows Stored XSS.This issue affects Tamara Checkout: from n/a through < 1.9.9.1. | ||||
| CVE-2025-23996 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in AnyRoad AnyRoad anyguide allows Cross Site Request Forgery.This issue affects AnyRoad: from n/a through <= 1.3.2. | ||||
| CVE-2025-23995 | 2026-04-23 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through <= 1.0.0.5. | ||||
| CVE-2025-23994 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings estatebud-properties-listings allows Stored XSS.This issue affects Estatebud – Properties & Listings: from n/a through <= 5.5.0. | ||||
| CVE-2025-23993 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through <= 1.1.3. | ||||
| CVE-2025-23992 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows Stored XSS.This issue affects Toocheke Companion: from n/a through <= 1.166. | ||||
| CVE-2025-23991 | 2026-04-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through <= 2.4.5. | ||||
| CVE-2025-23990 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in jablonczay Scroll Styler scroll-styler.This issue affects Scroll Styler: from n/a through <= 1.1. | ||||
| CVE-2025-23989 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Internal Link Builder internal-link-builder allows Cross Site Request Forgery.This issue affects Internal Link Builder: from n/a through <= 1.0. | ||||
| CVE-2025-23988 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante ghostwriter ghostwriter allows Reflected XSS.This issue affects ghostwriter: from n/a through <= 1.4. | ||||