Search Results (36960 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-22652 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through <= 4.0.1.
CVE-2025-22647 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Smackcoders Inc., AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through <= 1.2.
CVE-2025-22643 2026-04-23 4.3 Medium
Missing Authorization vulnerability in famethemes OnePress onepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnePress: from n/a through <= 2.3.11.
CVE-2025-22639 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn Distance Rate Shipping for WooCommerce distance-rate-shipping-for-woocommerce-pro allows Blind SQL Injection.This issue affects Distance Rate Shipping for WooCommerce: from n/a through <= 1.3.4.
CVE-2025-22592 2 Lenderd, Wordpress 2 1003 Mortgage Application, Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.
CVE-2025-22591 2 Lenderd, Wordpress 2 1003 Mortgage Application, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through <= 1.87.
CVE-2025-22561 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in kbowson Title Experiments Free wp-experiments-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through <= 9.0.4.
CVE-2025-22560 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in saoshyant1994 Saoshyant Page Builder saoshyant-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant Page Builder: from n/a through <= 3.8.
CVE-2025-22553 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dhananjaysingh Multiple Carousel multicarousel allows SQL Injection.This issue affects Multiple Carousel: from n/a through <= 2.0.
CVE-2025-22543 2026-04-23 5.4 Medium
Missing Authorization vulnerability in beautifultemplates ST Gallery WP st-gallery-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through <= 1.0.8.
CVE-2025-22542 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through <= 1.0.0.
CVE-2025-22541 2026-04-23 5.4 Medium
Missing Authorization vulnerability in etruel WP Delete Post Copies etruel-del-post-copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through <= 5.5.
CVE-2025-22540 1 Wordpress 1 Wordpress 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through <= 1.4.1.
CVE-2025-22537 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route google-maps-travel-route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through <= 1.3.1.
CVE-2025-22536 1 Wordpress 1 Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through <= 1.3.
CVE-2025-22535 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jonkern WPListCal wplistcal allows SQL Injection.This issue affects WPListCal: from n/a through <= 1.3.5.
CVE-2025-22534 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Ella Van Durpe Slides & Presentations slide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through <= 0.0.39.
CVE-2025-22533 1 Wordpress 1 Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bulktheme WOOEXIM wooexim allows SQL Injection.This issue affects WOOEXIM: from n/a through <= 5.0.0.
CVE-2025-22523 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through <= 1.0.0.
CVE-2025-22519 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jerodmoore eDoc Easy Tables edoc-easy-tables allows SQL Injection.This issue affects eDoc Easy Tables: from n/a through <= 1.29.