Total
347065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48138 | 1 Bertha | 1 Bertha Ai | 2026-04-28 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13. | |||||
| CVE-2025-48126 | 1 G5plus | 1 Essential Real Estate | 2026-04-28 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.2.9. | |||||
| CVE-2025-48103 | 2026-04-28 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter todays-date-inserter allows Stored XSS.This issue affects Today's Date Inserter: from n/a through <= 1.2.1. | |||||
| CVE-2025-48102 | 2026-04-28 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership gourl-bitcoin-payment-gateway-paid-downloads-membership allows Stored XSS.This issue affects GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership: from n/a through <= 1.6.6. | |||||
| CVE-2025-48101 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1. | |||||
| CVE-2025-48087 | 2026-04-28 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through 1.4.1. | |||||
| CVE-2025-48081 | 2026-04-28 | N/A | 5.3 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal.This issue affects Printeers Print & Ship: from n/a through 1.17.0. | |||||
| CVE-2025-47664 | 1 Thimpress | 1 Wp Pipes | 2026-04-28 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2. | |||||
| CVE-2025-47663 | 2026-04-28 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11. | |||||
| CVE-2025-47657 | 2026-04-28 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce productive-commerce allows SQL Injection.This issue affects Productive Commerce: from n/a through <= 1.1.40. | |||||
| CVE-2025-47653 | 2026-04-28 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14. | |||||
| CVE-2025-47651 | 2026-04-28 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.06. | |||||
| CVE-2025-47650 | 2026-04-28 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global infility-global allows Path Traversal.This issue affects Infility Global: from n/a through <= 2.15.06. | |||||
| CVE-2025-47649 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9. | |||||
| CVE-2025-47646 | 2026-04-28 | N/A | N/A | ||
| Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. | |||||
| CVE-2025-47643 | 2026-04-28 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2. | |||||
| CVE-2025-47631 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20 through 11. | |||||
| CVE-2025-47627 | 2026-04-28 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2. | |||||
| CVE-2025-47620 | 2026-04-28 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Martins Free Monetized Ad Exchange Network: from n/a through <= 1.0.6. | |||||
| CVE-2025-47619 | 2026-04-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2. | |||||