Search Results (36908 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-46455 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection.This issue affects WP HRM LITE: from n/a through <= 1.1.
CVE-2025-46252 1 Kofimokome 1 Message Filter For Contact Form 7 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows SQL Injection.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.2.
CVE-2025-46248 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows SQL Injection.This issue affects Frontend Dashboard: from n/a through <= 2.2.5.
CVE-2025-46247 1 Codepeople 1 Appointment Booking Calendar 2026-04-23 5.3 Medium
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
CVE-2025-46244 1 Multidots 1 Advanced Linked Variations For Woocommerce 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Linked Variations for Woocommerce: from n/a through <= 1.0.3.
CVE-2025-46242 1 Kibokolabs 1 Watu Quiz 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.3.
CVE-2025-46232 1 Alttext 1 Alt Text Ai 2026-04-23 4.3 Medium
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.9.93.
CVE-2025-43838 2026-04-23 6.5 Medium
Missing Authorization vulnerability in ChoPlugins.com Custom PC Builder Lite for WooCommerce custom-pc-builder-lite-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through <= 1.0.1.
CVE-2025-43833 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through <= 1.1.1.
CVE-2025-3702 2 Melapress, Wordpress 2 Melapress File Monitor, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0.
CVE-2025-3701 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner wp-malware-removal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through <= 16.8.
CVE-2025-39602 2026-04-23 4.3 Medium
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite wc-product-table-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Table Lite: from n/a through <= 3.9.5.
CVE-2025-39595 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows SQL Injection.This issue affects Quentn WP: from n/a through <= 1.2.8.
CVE-2025-39591 2026-04-23 5.4 Medium
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through <= 1.2.3.
CVE-2025-39587 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through <= 3.2.65.
CVE-2025-39586 1 Metagauss 1 Profilegrid 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.8.
CVE-2025-39580 1 Wordpress 1 Wordpress 2026-04-23 5.8 Medium
Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8.
CVE-2025-39571 1 Wpxpo 1 Wowstore 2026-04-23 4.3 Medium
Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 4.2.4.
CVE-2025-39569 1 Taskbuilder 1 Taskbuilder 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection.This issue affects Taskbuilder: from n/a through <= 4.0.1.
CVE-2025-39566 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel hostel allows Blind SQL Injection.This issue affects Hostel: from n/a through <= 1.1.5.6.