Export limit exceeded: 341846 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341846 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54698 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection.This issue affects Classified Listing: from n/a through <= 5.0.0. | ||||
| CVE-2025-54697 | 2 Kadencewp, Wordpress | 2 Kadence Woocommerce Email Designer, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. | ||||
| CVE-2025-54696 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels allows Stored XSS.This issue affects WPFunnels: from n/a through <= 3.5.26. | ||||
| CVE-2025-54695 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through <= 2.9.0. | ||||
| CVE-2025-54694 | 2 Bplugins, Wordpress | 2 Button Block, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through <= 1.2.0. | ||||
| CVE-2025-54693 | 2 Epiph, Wordpress | 2 Form Block, Wordpress | 2026-04-01 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server.This issue affects Form Block: from n/a through <= 1.5.5. | ||||
| CVE-2025-54692 | 2 Wordpress, Wpswings | 2 Wordpress, Membership For Woocommerce | 2026-04-01 | N/A |
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0. | ||||
| CVE-2025-54691 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-04-01 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through <= 1.4.80. | ||||
| CVE-2025-54690 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio xinterio allows PHP Local File Inclusion.This issue affects Xinterio: from n/a through <= 4.2. | ||||
| CVE-2025-54689 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.7. | ||||
| CVE-2025-54688 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.1.2. | ||||
| CVE-2025-54687 | 2 Crocoblock, Wordpress | 2 Jettabs, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.9.1. | ||||
| CVE-2025-54686 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection.This issue affects Exertio: from n/a through <= 1.3.2. | ||||
| CVE-2025-54685 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash suredash allows Retrieve Embedded Sensitive Data.This issue affects SureDash: from n/a through <= 1.1.0. | ||||
| CVE-2025-54684 | 2 Crmperks, Wordpress | 2 Integration For Contact Form 7 And Constant Contact, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact cf7-constant-contact allows Stored XSS.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through <= 1.1.7. | ||||
| CVE-2025-54683 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS.This issue affects WP Modal Popup with Cookie Integration: from n/a through <= 2.4. | ||||
| CVE-2025-54682 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4. | ||||
| CVE-2025-54681 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Phishing.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4. | ||||
| CVE-2025-54680 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Blogger Buzz blogger-buzz allows Stored XSS.This issue affects Blogger Buzz: from n/a through <= 1.2.6. | ||||
| CVE-2025-54679 | 2 Vertim, Wordpress | 2 Neon Channel Product Customizer Free, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through <= 2.0. | ||||