ReportizFlow
Filtered by vendor
Subscriptions
Total
6310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32596 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.3 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Code Injection.This issue affects Real Estate Manager: from n/a through <= 7.3. | ||||
| CVE-2025-32583 | 2026-04-23 | 9.9 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. | ||||
| CVE-2025-30975 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection.This issue affects Add Custom Codes: from n/a through <= 4.80. | ||||
| CVE-2025-30911 | 2 Rometheme, Wordpress | 2 Romethemekit For Elementor, Wordpress | 2026-04-23 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4. | ||||
| CVE-2025-30580 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion.This issue affects DigiWidgets Image Editor: from n/a through <= 1.10. | ||||
| CVE-2025-28993 | 2026-04-23 | 8.6 High | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from n/a through <= 0.1.4. | ||||
| CVE-2026-41242 | 2 Protobuf, Protobufjs Project | 2 Protobuf, Protobufjs | 2026-04-23 | 9.8 Critical |
| protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue. | ||||
| CVE-2025-28893 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from n/a through <= 1.2.1. | ||||
| CVE-2025-26996 | 2026-04-23 | 6.5 Medium | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Code Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.0.1. | ||||
| CVE-2025-26970 | 1 Arktheme | 1 The Ark | 2026-04-23 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a through < 1.71.0. | ||||
| CVE-2025-26936 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection.This issue affects Fresh Framework: from n/a through <= 1.70.0. | ||||
| CVE-2025-26924 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection.This issue affects Ohio Extra: from n/a through <= 3.4.7. | ||||
| CVE-2025-24677 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Remote Code Inclusion.This issue affects Post/Page Copying Tool: from n/a through <= 2.0.3. | ||||
| CVE-2026-41282 | 1 Projectdiscovery | 1 Nuclei | 2026-04-23 | 4 Medium |
| ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration). | ||||
| CVE-2024-56278 | 2026-04-23 | 9.1 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1. | ||||
| CVE-2024-56051 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2026-04-23 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5. | ||||
| CVE-2024-52434 | 1 Supsystic | 1 Popup | 2026-04-23 | 9.1 Critical |
| Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29. | ||||
| CVE-2024-52427 | 2 Saso Nikolov, Vollstart | 2 Event Tickets With Ticket Scanner, Event Tickets With Ticket Scanner | 2026-04-23 | 9.9 Critical |
| Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11. | ||||
| CVE-2024-52393 | 1 Podlove | 1 Podlove Podcast Publisher | 2026-04-23 | 9.1 Critical |
| Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15. | ||||
| CVE-2024-51815 | 1 Wp Sharks | 1 S2member Pro | 2026-04-23 | 9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through <= 241114. | ||||