Search Results (36897 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49268 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through <= 4.9.4.
CVE-2025-49267 2 Dynamiapps, Wordpress 2 Frontend Admin, Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.28.3.
CVE-2025-49265 1 Wpswings 1 Membership For Woocommerce 2026-04-23 7.5 High
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.8.1.
CVE-2025-49263 1 Wcvendors 1 Wc Vendors Marketplace 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WCVendors WC Vendors Marketplace wc-vendors allows Blind SQL Injection.This issue affects WC Vendors Marketplace: from n/a through <= 2.5.6.
CVE-2025-49248 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in cmoreira Team Showcase team-showcase-cm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Showcase: from n/a through < 25.05.13.
CVE-2025-49246 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in cmoreira Testimonials Showcase testimonials-showcase allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonials Showcase: from n/a through <= 1.9.16.
CVE-2025-49241 1 Bobbingwide 1 Oik 2026-04-23 5.3 Medium
Missing Authorization vulnerability in bobbingwide oik oik allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects oik: from n/a through <= 4.15.1.
CVE-2025-49240 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through <= 2.5.2.
CVE-2025-49236 2026-04-23 5.3 Medium
Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through <= 2.1.0.
CVE-2025-49234 2026-04-23 6.5 Medium
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Dummy Content Generator: from n/a through <= 3.4.6.
CVE-2025-49059 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.20.
CVE-2025-49052 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netease Music: from n/a through <= 3.2.1.
CVE-2025-49041 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.3.
CVE-2025-49034 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.10.2.
CVE-2025-49033 2 Metagauss, Wordpress 2 Profilegrid, Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.3.
CVE-2025-48335 2026-04-23 5.4 Medium
Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.
CVE-2025-48334 1 Binarycarpenter 1 Woo Slider Pro 2026-04-23 6.5 Medium
Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through <= 1.12.
CVE-2025-48327 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through <= 1.0.7.
CVE-2025-48326 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer acclectic-media-organizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acclectic Media Organizer: from n/a through <= 1.4.
CVE-2025-48301 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP smtp-sendgrid allows SQL Injection.This issue affects SMTP for SendGrid – YaySMTP: from n/a through <= 1.5.