Export limit exceeded: 342389 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342389 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68037 | 2 Atlasgondal, Wordpress | 2 Export Media Urls, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2. | ||||
| CVE-2025-68035 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4. | ||||
| CVE-2025-68031 | 2 Faraz Sms, Wordpress | 2 افزونه پیامک حرفه ای فراز اس ام اس, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3. | ||||
| CVE-2025-68030 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5. | ||||
| CVE-2025-68027 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-01 | 7.3 High |
| Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32. | ||||
| CVE-2025-68017 | 2 Antideo, Wordpress | 2 Email Validator, Wordpress | 2026-04-01 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10. | ||||
| CVE-2025-68012 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through <= 0.10.1. | ||||
| CVE-2025-68011 | 3 Gls, Woocommerce, Wordpress | 3 Shipping For Woocommerce, Woocommerce, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0. | ||||
| CVE-2025-68010 | 2 Netgsm, Wordpress | 2 Netgsm, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63. | ||||
| CVE-2025-68008 | 2 Mndpsingh287, Wordpress | 2 Wp Mail, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3. | ||||
| CVE-2025-68004 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1. | ||||
| CVE-2025-67999 | 2 Stefanno Lissa, Wordpress | 2 Newsletter, Wordpress | 2026-04-01 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9. | ||||
| CVE-2025-67998 | 2 Kamleshyadav, Wordpress | 2 Miraculous Elementor, Wordpress | 2026-04-01 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7. | ||||
| CVE-2025-67994 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaycurrency | 2026-04-01 | 7.5 High |
| Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. | ||||
| CVE-2025-67992 | 2 Loftocean, Wordpress | 2 Patiotime, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1. | ||||
| CVE-2025-67991 | 2 Vanquish, Wordpress | 2 User Extra Fields, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through <= 16.8. | ||||
| CVE-2025-67990 | 2 Realmag777, Wordpress | 2 Gmap Targeting, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through <= 1.1.7. | ||||
| CVE-2025-67988 | 2 Loftocean, Wordpress | 2 Cozystay, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1. | ||||
| CVE-2025-67987 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-01 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1. | ||||
| CVE-2025-67984 | 2 Calliko, Wordpress | 2 Nps Computy, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through <= 2.8.2. | ||||