Search Results (36950 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-31551 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows SQL Injection.This issue affects Salesmate Add-On for Gravity Forms: from n/a through <= 2.0.3.
CVE-2025-31547 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows SQL Injection.This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3.
CVE-2025-31546 2026-04-23 4.3 Medium
Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.0.
CVE-2025-31545 2026-04-23 5.4 Medium
Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP safe-ai-malware-protection-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Safe Ai Malware Protection for WP: from n/a through <= 1.0.20.
CVE-2025-31542 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Blind SQL Injection.This issue affects My auctions allegro: from n/a through <= 3.6.20.
CVE-2025-31541 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
CVE-2025-31540 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in acmemediakits ACME Divi Modules acme-divi-modules allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACME Divi Modules: from n/a through <= 1.3.5.
CVE-2025-31539 2 Blocksera, Wordpress 2 Cryptocurrency Widgets Pack, Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets Pack: from n/a through <= 2.0.1.
CVE-2025-31534 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shopperdotcom Shopper shopper allows SQL Injection.This issue affects Shopper: from n/a through <= 3.2.5.
CVE-2025-31533 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Salesmate Add-On for Gravity Forms: from n/a through <= 2.0.3.
CVE-2025-31531 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in click5 History Log by click5 history-log-by-click5 allows SQL Injection.This issue affects History Log by click5: from n/a through <= 1.0.13.
CVE-2025-31530 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Smackcoders Inc., Google SEO Pressor Snippet google-seo-author-snippets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google SEO Pressor Snippet: from n/a through <= 2.0.
CVE-2025-31529 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Rashid Slider Path for Elementor slider-path allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Path for Elementor: from n/a through <= 3.0.0.
CVE-2025-31528 2026-04-23 4.3 Medium
Missing Authorization vulnerability in wokamoto StaticPress staticpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaticPress: from n/a through <= 0.4.5.
CVE-2025-31526 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.
CVE-2025-31525 2026-04-23 4.3 Medium
Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu mobile-bottom-menu-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mobile Bottom Menu: from n/a through <= 1.4.0.
CVE-2025-31469 2026-04-23 5.3 Medium
Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clear Sucuri Cache: from n/a through <= 1.4.
CVE-2025-31466 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Blind SQL Injection.This issue affects Duplicate Page and Post: from n/a through <= 1.0.
CVE-2025-31425 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.
CVE-2025-31424 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.