Export limit exceeded: 341827 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341827 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54712 | 3 Elementor, Hashthemes, Wordpress | 3 Elementor, Easy Elementor Addons, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Elementor Addons: from n/a through <= 2.2.7. | ||||
| CVE-2025-54710 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through <= 1.0.21. | ||||
| CVE-2025-54708 | 2 Bplugins, Wordpress | 2 B Blocks, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through <= 2.0.5. | ||||
| CVE-2025-54707 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection.This issue affects MDTF: from n/a through <= 1.3.3.7. | ||||
| CVE-2025-54706 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through <= 1.2.52. | ||||
| CVE-2025-54705 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.4.6. | ||||
| CVE-2025-54704 | 3 Elementor, Hashthemes, Wordpress | 3 Elementor, Easy Elementor Addons, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through <= 2.2.6. | ||||
| CVE-2025-54703 | 2 Prince, Wordpress | 2 Integrate Google Drive, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery.This issue affects Integrate Google Drive: from n/a through <= 1.5.2. | ||||
| CVE-2025-54702 | 2 Motovnet, Wordpress | 2 Ebook Store, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery.This issue affects Ebook Store: from n/a through <= 5.8013. | ||||
| CVE-2025-54701 | 2 Thememove, Wordpress | 2 Unicamp, Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3. | ||||
| CVE-2025-54700 | 2 Thememove, Wordpress | 2 Makeaholic, Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4. | ||||
| CVE-2025-54699 | 2 Masteriyo, Wordpress | 2 Masteriyo, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriyo - LMS: from n/a through <= 1.18.3. | ||||
| CVE-2025-54698 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection.This issue affects Classified Listing: from n/a through <= 5.0.0. | ||||
| CVE-2025-54697 | 2 Kadencewp, Wordpress | 2 Kadence Woocommerce Email Designer, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. | ||||
| CVE-2025-54696 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels allows Stored XSS.This issue affects WPFunnels: from n/a through <= 3.5.26. | ||||
| CVE-2025-54695 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through <= 2.9.0. | ||||
| CVE-2025-54694 | 2 Bplugins, Wordpress | 2 Button Block, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through <= 1.2.0. | ||||
| CVE-2025-54693 | 2 Epiph, Wordpress | 2 Form Block, Wordpress | 2026-04-01 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server.This issue affects Form Block: from n/a through <= 1.5.5. | ||||
| CVE-2025-54692 | 2 Wordpress, Wpswings | 2 Wordpress, Membership For Woocommerce | 2026-04-01 | N/A |
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0. | ||||
| CVE-2025-54691 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-04-01 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through <= 1.4.80. | ||||