Search
59,162 CVEs
CVEs (59,162, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 101–125 of 59,162 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2025-47463 | NONE | — | 2025-06-09 | Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control… | |
| CVE-2025-47477 | NONE | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows R… | |
| CVE-2025-47487 | NONE | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-conve… | |
| CVE-2025-47511 | MEDIUM | Patched | 6.5 | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversal.This issue … |
| CVE-2025-47527 | NONE | — | 2025-06-09 | Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects … | |
| CVE-2025-47561 | NONE | — | 2025-06-09 | Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13. | |
| CVE-2025-47598 | NONE | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS.T… | |
| CVE-2025-47608 | NONE | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandon… | |
| CVE-2025-47651 | HIGH | 8.5 | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This iss… | |
| CVE-2025-48122 | NONE | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-… | |
| CVE-2025-48123 | NONE | — | 2025-06-09 | Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like… | |
| CVE-2025-48124 | NONE | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commer… | |
| CVE-2025-48125 | NONE | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager … | |
| CVE-2025-48126 | HIGH | Patched | 8.1 | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate… |
| CVE-2025-48129 | NONE | — | 2025-06-09 | Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommer… | |
| CVE-2025-48130 | NONE | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affec… | |
| CVE-2025-48139 | NONE | — | 2025-06-09 | Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects StyleAI: from n/… | |
| CVE-2025-48140 | NONE | — | 2025-06-09 | Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection.This issue affects MetalpriceAPI:… | |
| CVE-2025-48141 | NONE | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-paym… | |
| CVE-2025-48143 | NONE | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! formularios-de-contacto-sa… | |
| CVE-2025-48147 | MEDIUM | 6.5 | 2025-06-09 | Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access … | |
| CVE-2025-48261 | HIGH | Patched | 7.5 | 2025-06-09 | Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue … |
| CVE-2025-48267 | HIGH | Patched | 8.6 | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from … |
| CVE-2025-48279 | HIGH | 7.1 | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue a… | |
| CVE-2025-48281 | NONE | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product… |