Export limit exceeded: 11432 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12607 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12607 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68027 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-15 | 7.3 High |
| Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32. | ||||
| CVE-2025-68030 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5. | ||||
| CVE-2025-68031 | 2 Faraz Sms, Wordpress | 2 افزونه پیامک حرفه ای فراز اس ام اس, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3. | ||||
| CVE-2025-68035 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4. | ||||
| CVE-2025-68037 | 2 Atlasgondal, Wordpress | 2 Export Media Urls, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2. | ||||
| CVE-2025-68041 | 2 Codisto, Wordpress | 2 Omnichannel For Woocommerce, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65. | ||||
| CVE-2025-68042 | 2 Travelpayouts, Wordpress | 2 Travelpayouts, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through <= 1.2.2. | ||||
| CVE-2025-68043 | 2 Lottiefiles, Wordpress | 2 Lottiefiles, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0. | ||||
| CVE-2025-68046 | 2 Themehunk, Wordpress | 2 Contact Form & Lead Form Elementor Builder, Wordpress | 2026-04-15 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. | ||||
| CVE-2025-68047 | 2 Arraytics, Wordpress | 2 Eventin, Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.3. | ||||
| CVE-2025-68048 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | ||||
| CVE-2025-68050 | 2 Leadpages, Wordpress | 2 Leadpages, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3. | ||||
| CVE-2025-68072 | 2 Merv Barrett, Wordpress | 2 Easy Property Listings, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.20. | ||||
| CVE-2025-68076 | 2 Select-themes, Wordpress | 2 Stockholm Core, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through <= 2.4.6. | ||||
| CVE-2025-68078 | 2 Themenectar, Wordpress | 2 Salient Core, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Portfolio salient-portfolio allows Stored XSS.This issue affects Salient Portfolio: from n/a through <= 1.8.2. | ||||
| CVE-2025-68086 | 2 Merkulove, Wordpress | 2 Reformer For Elementor, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reformer for Elementor: from n/a through <= 1.0.6. | ||||
| CVE-2025-68088 | 2 Merkulove, Wordpress | 2 Huger For Elementor, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Huger for Elementor: from n/a through <= 1.1.5. | ||||
| CVE-2025-6814 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request. | ||||
| CVE-2025-68495 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0. | ||||
| CVE-2025-68501 | 2 Mollie, Wordpress | 2 Mollie Payments For Woocommerce, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1. | ||||