Total
346510 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31015 | 2026-04-23 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through <= 1.3.1. | |||||
| CVE-2025-31014 | 2026-04-23 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion.This issue affects Material Dashboard: from n/a through <= 1.4.5. | |||||
| CVE-2025-31012 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Phil Age Gate age-gate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Age Gate: from n/a through <= 3.5.4. | |||||
| CVE-2025-31011 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2. | |||||
| CVE-2025-31010 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Cross Site Request Forgery.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.0.5. | |||||
| CVE-2025-31009 | 2026-04-23 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks indieblocks allows Server Side Request Forgery.This issue affects IndieBlocks: from n/a through <= 0.13.1. | |||||
| CVE-2025-31008 | 2026-04-23 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.3.1. | |||||
| CVE-2025-31007 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS.This issue affects Billplz Addon for Contact Form 7: from n/a through <= 1.2.0. | |||||
| CVE-2025-31006 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Activity Reactions For Buddypress activity-reactions-for-buddypress allows Reflected XSS.This issue affects Activity Reactions For Buddypress: from n/a through <= 1.0.22. | |||||
| CVE-2025-31005 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts easyfonts allows Cross Site Request Forgery.This issue affects Easyfonts: from n/a through <= 1.1.2. | |||||
| CVE-2025-31004 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Table of Contents: from n/a through <= 1.4.0. | |||||
| CVE-2025-31003 | 2026-04-23 | N/A | 2.7 LOW | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data.This issue affects Squeeze: from n/a through <= 1.6. | |||||
| CVE-2025-31002 | 2026-04-23 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files.This issue affects Squeeze: from n/a through <= 1.6. | |||||
| CVE-2025-31000 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce payment-qr-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment QR WooCommerce: from n/a through <= 1.1.6. | |||||
| CVE-2025-30999 | 2026-04-23 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fahad Mahmood External Store for Shopify wp-shopify allows PHP Local File Inclusion.This issue affects External Store for Shopify: from n/a through <= 1.5.9. | |||||
| CVE-2025-30998 | 2026-04-23 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection.This issue affects WP Links Page: from n/a through <= 4.9.6. | |||||
| CVE-2025-30997 | 2026-04-23 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services car-repair-services allows Server Side Request Forgery.This issue affects Car Repair Services: from n/a through <= 5.0. | |||||
| CVE-2025-30996 | 2026-04-23 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Newsy newsy allows Upload a Web Shell to a Web Server.This issue affects Themify Newsy: from n/a through <= 1.9.9. | |||||
| CVE-2025-30995 | 2026-04-23 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0. | |||||
| CVE-2025-30994 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through <= 1.1.29. | |||||