Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49510 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through <= 5.1.0. | ||||
| CVE-2025-49509 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1. | ||||
| CVE-2025-49508 | 2026-04-01 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.7.1. | ||||
| CVE-2025-49507 | 2026-04-01 | N/A | ||
| Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection.This issue affects CozyStay: from n/a through < 1.7.1. | ||||
| CVE-2025-49455 | 2026-04-01 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection.This issue affects WordPress-WPJobBoard: from n/a through <= 25.07010000-WP6.8.1-JB5.11.5. | ||||
| CVE-2025-49454 | 2026-04-01 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through < 3.10.0. | ||||
| CVE-2025-49453 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through <= 1.1. | ||||
| CVE-2025-49452 | 2026-04-01 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri postapanduri allows SQL Injection.This issue affects PostaPanduri: from n/a through <= 2.1.3. | ||||
| CVE-2025-49451 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through <= 1.0.13. | ||||
| CVE-2025-49450 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mhallmann SEPA Girocode sepa-girocode allows Stored XSS.This issue affects SEPA Girocode: from n/a through <= 0.5.1. | ||||
| CVE-2025-49449 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa interactive-map-of-africa allows Cross Site Request Forgery.This issue affects Interactive Regional Map of Africa: from n/a through <= 1.0. | ||||
| CVE-2025-49446 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery.This issue affects Admin Notes: from n/a through <= 1.1. | ||||
| CVE-2025-49445 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map interactive-uk-regional-map allows Cross Site Request Forgery.This issue affects Interactive UK Regional Map: from n/a through <= 2.0. | ||||
| CVE-2025-49444 | 2 Merkulove, Wordpress | 2 Reformer For Elementor, Wordpress | 2026-04-01 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through <= 1.0.5. | ||||
| CVE-2025-49443 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris McCoy Bacon Ipsum bacon-ipsum allows Stored XSS.This issue affects Bacon Ipsum: from n/a through <= 2.4. | ||||
| CVE-2025-49442 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mostafa Shahiri Simple Nested Menu simple-nested-menu allows Stored XSS.This issue affects Simple Nested Menu: from n/a through <= 1.0. | ||||
| CVE-2025-49441 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Interactive Regional Map of Florida: from n/a through <= 1.0. | ||||
| CVE-2025-49440 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master wp-security-master allows Cross Site Request Forgery.This issue affects WP Security Master: from n/a through <= 1.0.2. | ||||
| CVE-2025-49439 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV atelier-create-cv allows Cross Site Request Forgery.This issue affects Atelier Create CV: from n/a through <= 1.1.5. | ||||
| CVE-2025-49437 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS.This issue affects WP LOL Rotation: from n/a through <= 1.0. | ||||