Search Results (13985 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49914 2 Motopress, Wordpress 2 Restaurant Menu, Wordpress 2026-04-15 6.5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7.
CVE-2025-49917 2 Icegram, Wordpress 2 Icegram Express, Wordpress 2026-04-15 4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through <= 5.9.5.
CVE-2025-49930 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through <= 3.5.10.
CVE-2025-49932 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows Stored XSS.This issue affects JetBlog: from n/a through <= 2.4.4.1.
CVE-2025-49933 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through <= 2.4.4.
CVE-2025-49936 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2.
CVE-2025-49938 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.
CVE-2025-49939 2 Crocoblock, Wordpress 2 Jetelements For Elementor, Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.
CVE-2025-49940 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2.
CVE-2025-49948 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4.
CVE-2025-49951 2 Gappointments, Wordpress 2 Gappointments, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcrunch gAppointments gAppointments allows Reflected XSS.This issue affects gAppointments: from n/a through <= 1.14.1.
CVE-2025-49953 2 Themeinity, Wordpress 2 Sharebang, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeinity ShareBang, Ultimate Social Share Buttons for WordPress sharebang allows Reflected XSS.This issue affects ShareBang, Ultimate Social Share Buttons for WordPress: from n/a through <= 1.4.
CVE-2025-49992 2 Thimpress, Wordpress 2 Learnpress Export Import, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through <= 4.0.9.
CVE-2025-52736 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through <= 2.20.0.
CVE-2025-52737 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through <= 2.2.260.
CVE-2025-52740 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through <= 2.4.0.
CVE-2025-52741 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: from n/a through <= 1.0.11.
CVE-2025-52754 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in selloio Sello ChannelConnector sello-channelconnector allows Reflected XSS.This issue affects Sello ChannelConnector: from n/a through <= 1.6.3.
CVE-2025-52755 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Child Themes child-themes allows Reflected XSS.This issue affects Child Themes: from n/a through <= 1.0.1.
CVE-2025-52756 2 Sayandatta, Wordpress 2 Wp Last Modified Info, Wordpress 2026-04-15 7.4 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through <= 1.9.4.