Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46503 | 2025-04-24 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery. This issue affects Simple Google Photos Grid: from n/a through 1.5. | |||||
| CVE-2025-46502 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a through 1.3.2. | |||||
| CVE-2025-46501 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed allows Stored XSS. This issue affects Mixcloud Embed: from n/a through 2.2.0. | |||||
| CVE-2025-46499 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS. This issue affects PayPal Express Checkout: from n/a through 2.1.2. | |||||
| CVE-2025-46498 | 2025-04-24 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0. | |||||
| CVE-2025-46497 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics allows Stored XSS. This issue affects Navegg Analytics: from n/a through 3.3.3. | |||||
| CVE-2025-46496 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oniswap Mini twitter feed allows Stored XSS. This issue affects Mini twitter feed: from n/a through 3.0. | |||||
| CVE-2025-46495 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps allows Stored XSS. This issue affects Drop Caps: from n/a through 2.1. | |||||
| CVE-2025-46492 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1. | |||||
| CVE-2025-46491 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through 1.5. | |||||
| CVE-2025-46489 | 2025-04-24 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1. | |||||
| CVE-2025-46485 | 2025-04-24 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Customize Login Page: from n/a through 1.6.5. | |||||
| CVE-2025-46484 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Image Hover Effects For WPBakery Page Builder allows DOM-Based XSS. This issue affects Image Hover Effects For WPBakery Page Builder: from n/a through 2.0. | |||||
| CVE-2025-46483 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2. | |||||
| CVE-2025-46481 | 2025-04-24 | N/A | 7.2 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3. | |||||
| CVE-2025-46480 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Nepali Post Date allows Stored XSS. This issue affects Nepali Post Date: from n/a through 5.1.1. | |||||
| CVE-2025-46479 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevynCJohnson BBCode Deluxe allows DOM-Based XSS. This issue affects BBCode Deluxe: from n/a through 2020.08.01.2. | |||||
| CVE-2025-46478 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaloha Dropdown Content allows Stored XSS. This issue affects Dropdown Content: from n/a through 1.0.2. | |||||
| CVE-2025-46477 | 2025-04-24 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carlo La Pera WP Customize Login Page allows Stored XSS. This issue affects WP Customize Login Page: from n/a through 1.6.5. | |||||
| CVE-2025-46476 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nayon46 Awesome Wp Image Gallery allows Stored XSS. This issue affects Awesome Wp Image Gallery: from n/a through 1.0. | |||||