Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27273 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager affiliate-links-manager allows Reflected XSS.This issue affects Affiliate Links Manager: from n/a through <= 1.0. | ||||
| CVE-2025-27272 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel vg-postcarousel allows PHP Local File Inclusion.This issue affects VG PostCarousel: from n/a through <= 1.1. | ||||
| CVE-2025-27271 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS.This issue affects DB Tables Import/Export: from n/a through <= 1.0.1. | ||||
| CVE-2025-27270 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation.This issue affects Residential Address Detection: from n/a through <= 2.5.4. | ||||
| CVE-2025-27269 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anton Aleksandrov .htaccess Login block htaccess-login-block allows Reflected XSS.This issue affects .htaccess Login block: from n/a through <= 0.9a. | ||||
| CVE-2025-27268 | 2026-04-01 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows SQL Injection.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.18. | ||||
| CVE-2025-27267 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes random-quotes allows Reflected XSS.This issue affects Random Quotes: from n/a through <= 1.3. | ||||
| CVE-2025-27266 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through <= 1.1.2. | ||||
| CVE-2025-27265 | 2026-04-01 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS.This issue affects Google Maps for WordPress: from n/a through <= 1.0.3. | ||||
| CVE-2025-27264 | 2026-04-01 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through <= 1.0.0. | ||||
| CVE-2025-27263 | 2026-04-01 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows SQL Injection.This issue affects Doctor Appointment Booking: from n/a through <= 1.0.0. | ||||
| CVE-2025-27015 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designingmedia Hostiko hostiko allows PHP Local File Inclusion.This issue affects Hostiko: from n/a through < 30.1. | ||||
| CVE-2025-27014 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 30.1. | ||||
| CVE-2025-27013 | 2026-04-01 | N/A | ||
| Missing Authorization vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MediCenter - Health Medical Clinic: from n/a through < 14.7. | ||||
| CVE-2025-27012 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from n/a through <= 1.5. | ||||
| CVE-2025-27011 | 2026-04-01 | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows PHP Local File Inclusion.This issue affects Booking and Rental Manager: from n/a through <= 2.2.8. | ||||
| CVE-2025-27010 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2. | ||||
| CVE-2025-27009 | 2026-04-01 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33. | ||||
| CVE-2025-27007 | 2026-04-01 | N/A | ||
| Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. | ||||
| CVE-2025-27006 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy authorsy allows Stored XSS.This issue affects Authorsy: from n/a through <= 1.0.5. | ||||