Export limit exceeded: 353738 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (353738 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68856 | 2 Keeswolters, Wordpress | 2 Mopinion Feedback Form, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeswolters Mopinion Feedback Form mopinion-feedback-form allows DOM-Based XSS.This issue affects Mopinion Feedback Form: from n/a through <= 1.1.1. | ||||
| CVE-2025-68858 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07. | ||||
| CVE-2025-68862 | 2 Murtaza Bhurgri, Wordpress | 2 Woo File Dropzone, Wordpress | 2026-04-15 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File Dropzone: from n/a through <= 1.1.7. | ||||
| CVE-2025-68863 | 2 Wordpress, Zack Katz | 2 Wordpress, Icontact For Gravity Forms | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through <= 1.3.2. | ||||
| CVE-2025-68867 | 2 Anibalwainstein, Wordpress | 2 Effect Maker, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through <= 1.2.1. | ||||
| CVE-2025-68866 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18. | ||||
| CVE-2025-68873 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects PRIMER by chloédigital: from n/a through <= 1.0.25. | ||||
| CVE-2025-68874 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor Stats Widget: from n/a through <= 1.5.0. | ||||
| CVE-2025-68880 | 2 Peter Sterling, Wordpress | 2 Simple Archive Generator, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Reflected XSS.This issue affects Simple Archive Generator: from n/a through <= 5.2. | ||||
| CVE-2025-68887 | 2 Cmsjunkie, Wordpress | 2 J-businessdirectory, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 4.0.1. | ||||
| CVE-2025-68889 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS.This issue affects Pinpoll: from n/a through <= 4.0.0. | ||||
| CVE-2025-68884 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1. | ||||
| CVE-2025-68891 | 2 Ryan Sutana, Wordpress | 2 Wp App Bar, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through <= 1.5. | ||||
| CVE-2025-68895 | 2 Ahachat, Wordpress | 2 Ahachat Messenger Marketing, Wordpress | 2026-04-15 | 6.5 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects AhaChat Messenger Marketing: from n/a through <= 1.1. | ||||
| CVE-2025-68896 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4. | ||||
| CVE-2025-68899 | 2 Designthemes, Wordpress | 2 Vivagh, Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4. | ||||
| CVE-2025-68903 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0. | ||||
| CVE-2025-68904 | 2 Jnews, Wordpress | 2 Jnews, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0. | ||||
| CVE-2025-68905 | 2 Jnews, Wordpress | 2 Jnews, Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through <= 11.0.0. | ||||
| CVE-2025-68906 | 2 Jnews, Wordpress | 2 Jnews, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2. | ||||