Export limit exceeded: 341807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341807 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49244 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate shortcodes-ultimate allows Stored XSS.This issue affects Shortcodes Ultimate: from n/a through <= 7.3.5. | ||||
| CVE-2025-49243 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark ShiftNav – Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS.This issue affects ShiftNav – Responsive Mobile Menu: from n/a through <= 1.8. | ||||
| CVE-2025-49242 | 1 Sevenspark | 1 Bellows Accordion Menu | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark Bellows Accordion Menu bellows-accordion-menu allows Stored XSS.This issue affects Bellows Accordion Menu: from n/a through <= 1.4.3. | ||||
| CVE-2025-49241 | 1 Bobbingwide | 1 Oik | 2026-04-01 | N/A |
| Missing Authorization vulnerability in bobbingwide oik oik allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects oik: from n/a through <= 4.15.1. | ||||
| CVE-2025-49240 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through <= 2.5.2. | ||||
| CVE-2025-49239 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Cross Site Request Forgery.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.5.0. | ||||
| CVE-2025-49238 | 1 Everestthemes | 1 Everest Backup | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Cross Site Request Forgery.This issue affects Everest Backup: from n/a through <= 2.3.3. | ||||
| CVE-2025-49237 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal.This issue affects POEditor: from n/a through <= 0.9.10. | ||||
| CVE-2025-49236 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through <= 2.1.0. | ||||
| CVE-2025-49235 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XSS.This issue affects RTMKit: from n/a through <= 1.6.0. | ||||
| CVE-2025-49234 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Dummy Content Generator: from n/a through <= 3.4.6. | ||||
| CVE-2025-49077 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules discount-and-dynamic-pricing allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through <= 2.2.9. | ||||
| CVE-2025-49076 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 6.2.7. | ||||
| CVE-2025-49075 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Stored XSS.This issue affects Wishlist: from n/a through <= 1.0.43. | ||||
| CVE-2025-49074 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abu Huraira Bin Aman WidgetKit widgetkit-for-elementor allows Stored XSS.This issue affects WidgetKit: from n/a through <= 2.5.4. | ||||
| CVE-2025-49073 | 2 Axiomthemes, Wordpress | 2 Sweet Dessert, Wordpress | 2026-04-01 | N/A |
| Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection.This issue affects Sweet Dessert: from n/a through < 1.1.13. | ||||
| CVE-2025-49072 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy mr-murphy allows Object Injection.This issue affects Mr. Murphy: from n/a through < 1.2.12.1. | ||||
| CVE-2025-49071 | 2 Nasatheme, Wordpress | 2 Flozen, Wordpress | 2026-04-01 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server.This issue affects Flozen: from n/a through < 1.5.1. | ||||
| CVE-2025-49070 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1. | ||||
| CVE-2025-49069 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through <= 1.9.8. | ||||