Search Results (36883 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53230 2 Elementor, Wordpress 2 Elementor, Wordpress 2026-04-23 7.6 High
Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5.
CVE-2025-53221 2 Codeablepress, Wordpress 2 Codeablepress, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CodeablePress: from n/a through <= 1.0.2.
CVE-2025-53200 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3.
CVE-2025-53194 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-04-23 8.5 High
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0.
CVE-2025-52834 2 Favethemes, Wordpress 2 Homey, Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a through <= 2.4.7.
CVE-2025-52833 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS lms allows SQL Injection.This issue affects LMS: from n/a through <= 9.2.
CVE-2025-52832 2 Wordpress, Wpo-hr 2 Wordpress, Ngg Smart Image Search 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG Smart Image Search: from n/a through <= 3.4.1.
CVE-2025-52831 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-52829 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Email Marketing: from n/a through <= 2.0.
CVE-2025-52824 1 Wordpress 1 Wordpress 2026-04-23 8.8 High
Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3.
CVE-2025-52823 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through <= 1.16.8.
CVE-2025-52822 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap wp-roadmap allows SQL Injection.This issue affects WP Roadmap: from n/a through <= 2.1.3.
CVE-2025-52821 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through <= 1.7.
CVE-2025-52820 3 Infosoftplugin, Woocommerce, Wordpress 3 Woocommerce Point Of Sale, Woocommerce, Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4.
CVE-2025-52819 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection.This issue affects Pakke Envíos: from n/a through <= 1.0.2.
CVE-2025-52818 1 Wordpress 1 Wordpress 2026-04-23 8.2 High
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1.
CVE-2025-52817 1 Wordpress 1 Wordpress 2026-04-23 8.2 High
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2.
CVE-2025-52804 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in uxper Nuss nuss allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Nuss: from n/a through <= 1.3.7.1.
CVE-2025-52802 2026-04-23 7.5 High
Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts import-youtube-videos-as-wp-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import YouTube videos as WP Posts: from n/a through <= 2.1.
CVE-2025-52801 1 Wordpress 1 Wordpress 2026-04-23 7.3 High
Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TheBooking: from n/a through <= 1.4.4.