Export limit exceeded: 12605 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12605 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69376 | 2 Vanquish, Wordpress | 2 User Extra Fields, Wordpress | 2026-04-15 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. | ||||
| CVE-2025-69377 | 2 Vanquish, Wordpress | 2 User Extra Fields, Wordpress | 2026-04-15 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. | ||||
| CVE-2025-69379 | 2 Vanquish, Wordpress | 2 Upload Files Anywhere, Wordpress | 2026-04-15 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. | ||||
| CVE-2025-69380 | 2 Vanquish, Wordpress | 2 Upload Files Anywhere, Wordpress | 2026-04-15 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. | ||||
| CVE-2025-69381 | 2 Vanquish, Wordpress | 2 Woocommerce Bulk Product Editor, Wordpress | 2026-04-15 | 7.1 High |
| Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Product Editor: from n/a through <= 3.0. | ||||
| CVE-2025-69382 | 2 Themesflat, Wordpress | 2 Themesflat Addons For Elementor, Wordpress | 2026-04-15 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection.This issue affects Themesflat Elementor: from n/a through <= 1.0.1. | ||||
| CVE-2025-69383 | 2 Agence Web Eoxia - Montpellier, Wordpress | 2 Wp Shop, Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1. | ||||
| CVE-2025-69384 | 2 Wordpress, Wpdiscover | 2 Wordpress, Timeline Event History | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects Timeline Event History: from n/a through <= 3.2. | ||||
| CVE-2025-69386 | 2 Realvirtualmx, Wordpress | 2 Rvcfdi Para Woocommerce, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realvirtualmx RVCFDI para Woocommerce rvcfdi-para-woocommerce allows Reflected XSS.This issue affects RVCFDI para Woocommerce: from n/a through <= 8.1.8. | ||||
| CVE-2025-69387 | 2 Whatwouldjessedo, Wordpress | 2 Simple Retail Menus, Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through <= 4.2.1. | ||||
| CVE-2025-69388 | 2 Cliengo, Wordpress | 2 Cliengo – Chatbot, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4. | ||||
| CVE-2025-69389 | 2 Hugh Mungus, Wordpress | 2 Visitor Maps Extended Referer Field, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field allows Reflected XSS.This issue affects Visitor Maps Extended Referer Field: from n/a through <= 1.2.6. | ||||
| CVE-2025-69390 | 2 Themebon, Wordpress | 2 Business Template Blocks For Wpbakery (visual Composer) Page Builder, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Business Template Blocks for WPBakery (Visual Composer) Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for WPBakery (Visual Composer) Page Builder: from n/a through <= 1.3.2. | ||||
| CVE-2025-64264 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows Stored XSS.This issue affects Popup addon for Ninja Forms: from n/a through <= 3.5.1. | ||||
| CVE-2025-69334 | 2 Wordpress, Wpfactory | 2 Wordpress, Wishlist For Woocommerce | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.3.0. | ||||
| CVE-2025-69336 | 2 Bdthemes, Wordpress | 2 Utlimate Store Kit Elementor Addons, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4. | ||||
| CVE-2025-69337 | 2 D-themes, Wordpress | 2 Wolmart, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection.This issue affects Wolmart Core: from n/a through <= 1.9.6. | ||||
| CVE-2025-69342 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Calafate calafate allows PHP Local File Inclusion.This issue affects Calafate: from n/a through <= 1.7.7. | ||||
| CVE-2025-69356 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0. | ||||
| CVE-2025-69357 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows Stored XSS.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0. | ||||