Export limit exceeded: 12735 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13985 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69331 | 2 Jeroen Schmit, Wordpress | 2 Theater For Wordpress, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.19. | ||||
| CVE-2025-69330 | 2 Jthemes, Wordpress | 2 Prestige, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.4.1. | ||||
| CVE-2025-69322 | 2 Fuelthemes, Wordpress | 2 Peakshops, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9. | ||||
| CVE-2025-69321 | 2 Themegoods, Wordpress | 2 Grand Spa, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through <= 3.5.5. | ||||
| CVE-2025-69320 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS.This issue affects Grand Magazine: from n/a through <= 3.5.7. | ||||
| CVE-2025-69319 | 2 Wordpress, Wpbeaverbuilder | 2 Wordpress, Beaver Builder | 2026-04-15 | 7.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1. | ||||
| CVE-2025-69318 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5. | ||||
| CVE-2025-69305 | 2 Teconcetheme, Wordpress | 2 Crete Core, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from n/a through <= 1.4.3. | ||||
| CVE-2025-69299 | 2 Laborator, Wordpress | 2 Oxygen, Wordpress | 2026-04-15 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8. | ||||
| CVE-2025-69297 | 2 Ghostpool, Wordpress | 2 Aardvark Plugin, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19. | ||||
| CVE-2025-69296 | 2 Ghostpool, Wordpress | 2 Aardvark, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through <= 4.6.3. | ||||
| CVE-2025-69295 | 2 Teconcetheme, Wordpress | 2 Coven Core, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: from n/a through <= 1.3. | ||||
| CVE-2025-69294 | 2 Fuelthemes, Wordpress | 2 Peakshops, Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9. | ||||
| CVE-2025-8942 | 2 Thimpress, Wordpress | 2 Wp Hotel Booking, Wordpress | 2026-04-15 | 9.1 Critical |
| The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value (e.g., sending negative or out-of-range values) by intercepting and modifying requests. | ||||
| CVE-2025-69188 | 2 E-plugins, Wordpress | 2 Fitness Trainer, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1. | ||||
| CVE-2025-62041 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.1. | ||||
| CVE-2025-69187 | 2 E-plugins, Wordpress | 2 Final User, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5. | ||||
| CVE-2025-62027 | 2 Stellarwp, Wordpress | 2 Event Tickets, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through <= 5.26.3. | ||||
| CVE-2025-62026 | 2 Blockspare, Wordpress | 2 Blockspare, Wordpress | 2026-04-15 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2. | ||||
| CVE-2025-69186 | 2 E-plugins, Wordpress | 2 Hospital & Doctor Directory, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | ||||