Export limit exceeded: 12658 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12658 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39465 | 2 Flippercode, Wordpress | 2 Advanced Google Maps, Wordpress | 2026-04-27 | 4.3 Medium |
| Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4. | ||||
| CVE-2025-39463 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9. | ||||
| CVE-2025-32222 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5. | ||||
| CVE-2025-22728 | 2 Amentotech, Wordpress | 2 Workreap, Wordpress | 2026-04-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.6. | ||||
| CVE-2025-22726 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Server Side Request Forgery.This issue affects nK Themes Helper: from n/a through <= 1.7.9. | ||||
| CVE-2025-22715 | 2 Loopus, Wordpress | 2 Wp Attractive Donations System, Wordpress | 2026-04-27 | 7.5 High |
| Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. | ||||
| CVE-2025-22713 | 2 Vanquish, Wordpress | 2 Woocommerce Orders Customers Exporter, Wordpress | 2026-04-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4. | ||||
| CVE-2025-22712 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects Typify: from n/a through <= 3.0.2. | ||||
| CVE-2025-22708 | 2 Thememove, Wordpress | 2 Mitech, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4. | ||||
| CVE-2025-22707 | 2 Thememove, Wordpress | 2 Moody, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3. | ||||
| CVE-2025-22509 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through <= 2.1.0. | ||||
| CVE-2025-58939 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through <= 7.5. | ||||
| CVE-2025-58938 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2026-04-27 | 7.5 High |
| Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9. | ||||
| CVE-2025-58940 | 2 Axiomthemes, Wordpress | 2 Basil, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through <= 1.3.12. | ||||
| CVE-2025-58932 | 2 Axiomthemes, Wordpress | 2 Prisma, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion.This issue affects Prisma: from n/a through <= 1.10. | ||||
| CVE-2025-58931 | 2 Axiomthemes, Wordpress | 2 Palatio, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through <= 1.6. | ||||
| CVE-2025-58930 | 2 Axiomthemes, Wordpress | 2 Fitflex, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects FitFlex: from n/a through <= 1.6. | ||||
| CVE-2025-58929 | 2 Axiomthemes, Wordpress | 2 Pantry, Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects Pantry: from n/a through <= 1.4. | ||||
| CVE-2025-67924 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0. | ||||
| CVE-2025-67921 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6. | ||||