Export limit exceeded: 14017 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12318 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49895 | 2 Ithemes, Wordpress | 2 Serverbuddy, Wordpress | 2026-04-28 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5. | ||||
| CVE-2025-49448 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0. | ||||
| CVE-2025-49447 | 2 Fastw3b, Wordpress | 2 Fw Food Menu Plugin, Wordpress | 2026-04-28 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | ||||
| CVE-2025-49438 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3. | ||||
| CVE-2025-49428 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3. | ||||
| CVE-2025-49411 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1. | ||||
| CVE-2025-49410 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 10 Critical |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1. | ||||
| CVE-2025-49409 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affects SensorPress: from n/a through 1.0. | ||||
| CVE-2025-49408 | 2 Templately, Wordpress | 2 Templately, Wordpress | 2026-04-28 | 10 Critical |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | ||||
| CVE-2025-49407 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-28 | 8.8 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1. | ||||
| CVE-2025-49406 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-28 | 8.5 High |
| Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1. | ||||
| CVE-2025-49405 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-28 | 4.3 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4. | ||||
| CVE-2025-48339 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0. | ||||
| CVE-2025-48337 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3. | ||||
| CVE-2025-48279 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium: from 4.5.5 through beta. | ||||
| CVE-2025-48101 | 2 Webdevstudios, Wordpress | 2 Constant Contact For Wordpress, Wordpress | 2026-04-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1. | ||||
| CVE-2025-48087 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through 1.4.1. | ||||
| CVE-2025-48081 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal.This issue affects Printeers Print & Ship: from n/a through 1.17.0. | ||||
| CVE-2025-47663 | 3 Hospital Management System, Hospital Management System Project, Wordpress | 3 Hospital Management System, Hospital Management System, Wordpress | 2026-04-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11. | ||||
| CVE-2025-47653 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14. | ||||