Export limit exceeded: 342992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39466 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Dor, Dor, Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | ||||
| CVE-2025-39465 | 2 Flippercode, Wordpress | 2 Advanced Google Maps, Wordpress | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4. | ||||
| CVE-2025-39463 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9. | ||||
| CVE-2025-32657 | 2 Radiustheme, Wordpress | 2 Testimonial Slider And Showcase, Wordpress | 2026-04-01 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a through <= 2.1.7. | ||||
| CVE-2025-32283 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5. | ||||
| CVE-2025-32222 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5. | ||||
| CVE-2025-32123 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through <= 5.3.5. | ||||
| CVE-2025-31634 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5. | ||||
| CVE-2025-31413 | 2 Bdthemes, Wordpress | 2 Element Pack Elementor Addons, Wordpress | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | ||||
| CVE-2025-31029 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0. | ||||
| CVE-2025-30944 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.5 High |
| Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through <= 1.1.23. | ||||
| CVE-2025-28953 | 2 Axiomthemes, Wordpress | 2 Smartseo, Wordpress | 2026-04-01 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0. | ||||
| CVE-2025-27005 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5. | ||||
| CVE-2025-27004 | 2 Lambertgroup, Wordpress | 2 Famous-responsive Image And Video Grid Gallery Wordpress Plugin, Wordpress | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through <= 1.4. | ||||
| CVE-2025-27002 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5. | ||||
| CVE-2025-23993 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through <= 1.1.3. | ||||
| CVE-2025-23504 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <= 1.1.3. | ||||
| CVE-2025-22728 | 2 Amentotech, Wordpress | 2 Workreap, Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.6. | ||||
| CVE-2025-22726 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Server Side Request Forgery.This issue affects nK Themes Helper: from n/a through <= 1.7.9. | ||||
| CVE-2025-22715 | 2 Loopus, Wordpress | 2 Wp Attractive Donations System, Wordpress | 2026-04-01 | 8.1 High |
| Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. | ||||