Export limit exceeded: 10041 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11474 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11474 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62996 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Code Amp Custom Layouts – Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through <= 1.4.12. | ||||
| CVE-2025-62995 | 2 Multiparcels, Wordpress | 2 Multiparcels Shipping For Woocommerce, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through <= 1.30.12. | ||||
| CVE-2025-62994 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7. | ||||
| CVE-2025-62988 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3. | ||||
| CVE-2025-62987 | 2 Builderall, Wordpress | 2 Builder For Wordpress, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1. | ||||
| CVE-2025-62986 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through <= 0.6. | ||||
| CVE-2025-62985 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through <= 1.6.3. | ||||
| CVE-2025-62984 | 2 Wordpress, Wpeka | 2 Wordpress, Wp Adcenter | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.6.1. | ||||
| CVE-2025-62983 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through <= 3.2.1. | ||||
| CVE-2025-62982 | 2 Sarah Giles, Wordpress | 2 Dynamic User Directory, Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through <= 2.3. | ||||
| CVE-2025-62981 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Phishing.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.8. | ||||
| CVE-2025-62980 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03. | ||||
| CVE-2025-62979 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4. | ||||
| CVE-2025-62976 | 2 Joovii, Wordpress | 2 Sendle Shipping, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n/a through <= 6.02. | ||||
| CVE-2025-62975 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1. | ||||
| CVE-2025-62974 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Stored XSS.This issue affects Headline Analyzer: from n/a through <= 1.3.7. | ||||
| CVE-2025-62973 | 2 Themekraft, Wordpress | 2 Buddyforms, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0. | ||||
| CVE-2025-62972 | 2 Webinarpress, Wordpress | 2 Webinarpress, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28. | ||||
| CVE-2025-62968 | 2 Sayandatta, Wordpress | 2 Wp Last Modified Info, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS.This issue affects WP Last Modified Info: from n/a through <= 1.9.2. | ||||
| CVE-2025-62966 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6. | ||||