Total
346175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24713 | 2026-04-23 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery.This issue affects Button Generator – easily Button Builder: from n/a through <= 3.1.1. | |||||
| CVE-2025-24712 | 2026-04-23 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks radius-blocks allows Cross Site Request Forgery.This issue affects Radius Blocks: from n/a through <= 2.1.2. | |||||
| CVE-2025-24711 | 2026-04-23 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box popup-box allows Cross Site Request Forgery.This issue affects Popup Box: from n/a through <= 3.2.4. | |||||
| CVE-2025-24710 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook gwolle-gb allows Reflected XSS.This issue affects Gwolle Guestbook: from n/a through <= 4.7.1. | |||||
| CVE-2025-24709 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions plethora-tabs-accordions allows Stored XSS.This issue affects Plethora Plugins Tabs + Accordions: from n/a through <= 1.1.5. | |||||
| CVE-2025-24708 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS.This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.6. | |||||
| CVE-2025-24707 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through <= 2.7.7.24. | |||||
| CVE-2025-24706 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS.This issue affects MultiVendorX: from n/a through <= 4.2.13. | |||||
| CVE-2025-24705 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Arshid WooCommerce Quick View woo-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Quick View: from n/a through <= 1.1.1. | |||||
| CVE-2025-24704 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.This issue affects Magic the Gathering Card Tooltips: from n/a through <= 3.4.0. | |||||
| CVE-2025-24703 | 2026-04-23 | N/A | 4.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery.This issue affects Comment Edit Core – Simple Comment Editing: from n/a through <= 3.0.33. | |||||
| CVE-2025-24702 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio SEO Xagio SEO xagio-seo allows Stored XSS.This issue affects Xagio SEO: from n/a through <= 7.0.0.20. | |||||
| CVE-2025-24701 | 2026-04-23 | N/A | 4.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Bob Chained Quiz chained-quiz allows Server Side Request Forgery.This issue affects Chained Quiz: from n/a through <= 1.3.2.9. | |||||
| CVE-2025-24700 | 1 Xylusthemes | 1 Wp Event Aggregator | 2026-04-23 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS.This issue affects WP Event Aggregator: from n/a through <= 1.8.2. | |||||
| CVE-2025-24699 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS).This issue affects WP Coder: from n/a through <= 3.6. | |||||
| CVE-2025-24698 | 1 G5plus | 1 Essential Real Estate | 2026-04-23 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Essential Real Estate: from n/a through <= 5.1.8. | |||||
| CVE-2025-24697 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery awesome-responsive-photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Gallery – Responsive Photo Gallery: from n/a through <= 1.0.5. | |||||
| CVE-2025-24696 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shafaet Alam Attire Blocks attire-blocks allows Cross Site Request Forgery.This issue affects Attire Blocks: from n/a through <= 1.9.6. | |||||
| CVE-2025-24695 | 1 Hasthemes | 1 Extensions For Cf7 | 2026-04-23 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0. | |||||
| CVE-2025-24694 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS.This issue affects CM Pop-Up banners: from n/a through <= 1.7.6. | |||||