Export limit exceeded: 10762 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10762 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60193 | 2 Premmerce, Wordpress | 2 User Roles, Wordpress | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through <= 1.0.13. | ||||
| CVE-2025-60192 | 2 Premmerce, Wordpress | 2 Wholesale Pricing For Woocommerce, Wordpress | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10. | ||||
| CVE-2025-60191 | 3 Premmerce, Woocommerce, Wordpress | 3 Wishlist For Woocommerce, Woocommerce, Wordpress | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through <= 1.1.10. | ||||
| CVE-2025-60190 | 2 Hinnerk Altenburg, Wordpress | 2 Immocaster Wordpress Plugin, Wordpress | 2026-01-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hinnerk Altenburg Immocaster WordPress Plugin immocaster allows PHP Local File Inclusion.This issue affects Immocaster WordPress Plugin: from n/a through <= 1.3.6. | ||||
| CVE-2025-60189 | 3 Polopag, Woocommerce, Wordpress | 3 Polopag, Woocommerce, Wordpress | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion.This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through <= 2.0.9. | ||||
| CVE-2025-60188 | 2 Atarim, Wordpress | 2 Atarim, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2. | ||||
| CVE-2025-60187 | 2 Atarim, Wordpress | 2 Atarim, Wordpress | 2026-01-20 | 4.8 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files.This issue affects Atarim: from n/a through <= 4.2. | ||||
| CVE-2025-60182 | 2 Schiocco, Wordpress | 2 Support Board, Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board supportboard allows Reflected XSS.This issue affects Support Board: from n/a through < 3.8.7. | ||||
| CVE-2025-60180 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Hubspot, Wp Gravity Forms Salesforce, Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1. | ||||
| CVE-2025-60178 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Hubspot, Wp Gravity Forms Hubspot, Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6. | ||||
| CVE-2025-60176 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tattersoftware WP Tesseract wp-tesseract allows Stored XSS.This issue affects WP Tesseract: from n/a through <= 1.0.2. | ||||
| CVE-2025-60174 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Constant Contact Plugin, Wp Gravity Forms Constant Contact Plugin, Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2. | ||||
| CVE-2025-60168 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through <= 1.6. | ||||
| CVE-2025-60151 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Hubspot, Wordpress | 2026-01-20 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.5. | ||||
| CVE-2025-60135 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through <= 13.0.0. | ||||
| CVE-2025-60134 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through <= 2.1.0. | ||||
| CVE-2025-60132 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2. | ||||
| CVE-2025-60131 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoefff Werk aan de Muur werk-aan-de-muur allows Stored XSS.This issue affects Werk aan de Muur: from n/a through <= 1.5. | ||||
| CVE-2025-60091 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Zoho Crm And Bigin, Wp Gravity Forms Zoho Crm And Bigin, Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9. | ||||
| CVE-2025-60090 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Insightly, Wp Gravity Forms Insightly, Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6. | ||||