Search Results (36938 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-32216 2026-04-23 6.4 Medium
Missing Authorization vulnerability in Spider Themes Spider Elements spider-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spider Elements: from n/a through <= 1.6.6.
CVE-2025-32213 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through <= 1.0.43.
CVE-2025-32212 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in Specia Theme Specia Companion specia-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Specia Companion: from n/a through <= 6.3.
CVE-2025-32210 2026-04-23 6.5 Medium
Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes cm-invitation-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Registration and Invitation Codes: from n/a through <= 2.5.6.
CVE-2025-32208 2026-04-23 6.5 Medium
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.2.5.
CVE-2025-32204 2 Rocketelements, Wordpress 2 Split Test For Elementor, Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor split-test-for-elementor allows SQL Injection.This issue affects Split Test For Elementor: from n/a through <= 1.8.3.
CVE-2025-32203 1 Wordpress 1 Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in manu225 Falling things falling-things allows SQL Injection.This issue affects Falling things: from n/a through <= 1.08.
CVE-2025-32201 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.8.4.
CVE-2025-32149 2 Mtrv, Wordpress 2 Teachpress, Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11.
CVE-2025-32148 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers daisycon allows SQL Injection.This issue affects Daisycon prijsvergelijkers: from n/a through <= 4.8.4.
CVE-2025-32147 2026-04-23 8.8 High
Missing Authorization vulnerability in coothemes Easy WP Optimizer easy-wp-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy WP Optimizer: from n/a through <= 1.1.0.
CVE-2025-32127 1 Wordpress 1 Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows SQL Injection.This issue affects onOffice for WP-Websites: from n/a through <= 5.7.
CVE-2025-32126 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 pay-with-contact-form-7 allows SQL Injection.This issue affects Pay with Contact Form 7: from n/a through <= 1.0.4.
CVE-2025-32125 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows SQL Injection.This issue affects Silvasoft boekhouden: from n/a through <= 3.0.6.
CVE-2025-32124 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Blind SQL Injection.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.
CVE-2025-32122 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection.This issue affects uListing: from n/a through <= 2.2.0.
CVE-2025-32121 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows SQL Injection.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.3.
CVE-2025-32120 1 Wordpress 1 Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection.This issue affects Easy Query – WP Query Builder: from n/a through <= 2.0.4.
CVE-2025-31928 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support multimedia-carousel allows SQL Injection.This issue affects Multimedia Responsive Carousel with Image Video Audio Support: from n/a through <= 2.6.0.
CVE-2025-31926 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows SQL Injection.This issue affects Sticky Radio Player: from n/a through <= 3.4.