Export limit exceeded: 341925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48138 | 1 Bertha | 1 Bertha Ai | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13. | ||||
| CVE-2025-48137 | 1 Proxymis | 1 Interview | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview interview allows SQL Injection.This issue affects Interview: from n/a through <= 1.01. | ||||
| CVE-2025-48136 | 1 Estatik | 1 Mortgage Calculator | 2026-04-01 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows PHP Local File Inclusion.This issue affects Mortgage Calculator Estatik: from n/a through <= 2.0.12. | ||||
| CVE-2025-48135 | 1 Aptivada | 1 Aptivada For Wp | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP aptivada-for-wp allows DOM-Based XSS.This issue affects Aptivada for WP: from n/a through <= 2.0.0. | ||||
| CVE-2025-48134 | 1 Shapedplugin | 1 Wp Tabs | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12. | ||||
| CVE-2025-48133 | 1 Uncannyowl | 1 Uncanny Automator | 2026-04-01 | 9.8 Critical |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through <= 6.4.0.2. | ||||
| CVE-2025-48132 | 1 Pencilwp | 1 X Addons For Elementor | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Stored XSS.This issue affects X Addons for Elementor: from n/a through <= 1.0.16. | ||||
| CVE-2025-48131 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite ultraaddons-elementor-lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through <= 2.0.2. | ||||
| CVE-2025-48130 | 2026-04-01 | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affects Spice Blocks: from n/a through <= 2.0.7.4. | ||||
| CVE-2025-48129 | 2026-04-01 | N/A | ||
| Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. | ||||
| CVE-2025-48128 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector sharespine-woocommerce-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharespine Woocommerce Connector: from n/a through <= 4.7.55. | ||||
| CVE-2025-48127 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3. | ||||
| CVE-2025-48126 | 1 G5plus | 1 Essential Real Estate | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.2.9. | ||||
| CVE-2025-48125 | 2026-04-01 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through <= 3.1.51. | ||||
| CVE-2025-48124 | 2026-04-01 | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Path Traversal.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. | ||||
| CVE-2025-48123 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2026-04-01 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code Injection.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. | ||||
| CVE-2025-48122 | 2026-04-01 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows SQL Injection.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. | ||||
| CVE-2025-48121 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget wp-notes-widget allows DOM-Based XSS.This issue affects WP Notes Widget: from n/a through <= 1.0.6. | ||||
| CVE-2025-48120 | 2026-04-01 | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Code Injection.This issue affects MapSVG: from n/a through <= 8.6.9. | ||||
| CVE-2025-48119 | 2026-04-01 | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows Code Injection.This issue affects RS WP Book Showcase: from n/a through <= 6.7.59. | ||||