Export limit exceeded: 11789 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11789 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31390 | 2 Soflyy, Wordpress | 2 Breakdance, Wordpress | 2025-07-12 | 9.9 Critical |
| : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2. | ||||
| CVE-2023-46612 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through 1.6. | ||||
| CVE-2023-52144 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15. | ||||
| CVE-2024-32130 | 2 Paystack, Wordpress | 2 Payment Forms For Paystack, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1. | ||||
| CVE-2024-43244 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4. | ||||
| CVE-2024-37096 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1. | ||||
| CVE-2024-33636 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1. | ||||
| CVE-2023-6091 | 2 Mndpsingh287, Wordpress | 2 Theme Editor, Wordpress | 2025-07-12 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1. | ||||
| CVE-2024-32542 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Organic Themes Bulk Block Converter allows Reflected XSS.This issue affects Bulk Block Converter: from n/a through 1.0.1. | ||||
| CVE-2022-43476 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4. | ||||
| CVE-2024-24845 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8. | ||||
| CVE-2023-25457 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1. | ||||
| CVE-2024-32536 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Trade Pips WP TradingView allows Stored XSS.This issue affects WP TradingView: from n/a through 1.7. | ||||
| CVE-2023-49859 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Pixelite Login With Ajax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login With Ajax: from n/a through 4.1. | ||||
| CVE-2023-46632 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3. | ||||
| CVE-2023-51418 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.7 High |
| Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6. | ||||
| CVE-2024-30441 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74. | ||||
| CVE-2023-44478 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8. | ||||
| CVE-2023-28687 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4. | ||||
| CVE-2024-34422 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trinhtuantai Viet Affiliate Link allows Stored XSS.This issue affects Viet Affiliate Link: from n/a through 1.2. | ||||