Export limit exceeded: 11464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11464 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58618 | 2 Jonathanjernigan, Wordpress | 2 Pie Calendar, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8. | ||||
| CVE-2025-58593 | 2 Themeisle, Wordpress | 2 Orbit Fox, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0. | ||||
| CVE-2025-58614 | 2 Tooltipy, Wordpress | 2 Tooltipy, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy allows Stored XSS. This issue affects Tooltipy: from n/a through 5.5.6. | ||||
| CVE-2025-58597 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6. | ||||
| CVE-2025-9519 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 7.2 High |
| The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server. | ||||
| CVE-2025-58606 | 2 Cozythemes, Wordpress | 2 Saaslauncher, Wordpress | 2025-09-04 | 5 Medium |
| Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0. | ||||
| CVE-2025-58612 | 2 Propertyhive, Wordpress | 2 Propertyhive, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5. | ||||
| CVE-2025-58630 | 2 Rbaer, Wordpress | 2 Simple Matomo Tracking Code Plugin, Wordpress | 2025-09-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code allows Stored XSS. This issue affects Simple Matomo Tracking Code: from n/a through 1.1.0. | ||||
| CVE-2025-58601 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6. | ||||
| CVE-2025-58602 | 2 If-so, Wordpress | 3 Dynamic Content Personalization, If-so, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.4. | ||||
| CVE-2025-58603 | 2 Surfer, Wordpress | 2 Surfer Plugin, Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574. | ||||
| CVE-2025-58607 | 2 Gdprinfo, Wordpress | 2 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance allows Stored XSS. This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance: from n/a through 1.7.11. | ||||
| CVE-2025-58609 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iulia Cazan Latest Post Shortcode allows Stored XSS. This issue affects Latest Post Shortcode: from n/a through 14.0.3. | ||||
| CVE-2025-58610 | 2 Wordpress, Wpchill | 2 Wordpress, Gallery Photoblocks | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks allows Stored XSS. This issue affects Gallery PhotoBlocks: from n/a through 1.3.1. | ||||
| CVE-2025-58611 | 2 Tickera, Wordpress | 2 Tickera, Wordpress | 2025-09-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6. | ||||
| CVE-2025-58616 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1. | ||||
| CVE-2025-58621 | 2 Amuse Labs, Wordpress | 2 Puzzleme Plugin, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress allows Stored XSS. This issue affects PuzzleMe for WordPress: from n/a through 1.2.0. | ||||
| CVE-2025-58622 | 2 Wordpress, Yydevelopment | 2 Wordpress, Mobile Contact Line Plugin | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0. | ||||
| CVE-2025-58634 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4. | ||||
| CVE-2025-58635 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23. | ||||