Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (46225 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-24623 1 Wordpress 1 Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.
CVE-2026-24626 2 Logichunt, Wordpress 2 Logo Slider, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Logo Slider logo-slider-wp allows Stored XSS.This issue affects Logo Slider: from n/a through <= 5.1.1.
CVE-2026-24630 2 Design, Wordpress 2 Stylish Cost Calculator, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.2.9.
CVE-2026-25004 2 Creativemindssolutions, Wordpress 2 Cm Business Directory, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through <= 1.5.3.
CVE-2026-39615 2 Shahjada, Wordpress 2 Download Manager, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.
CVE-2026-39604 2 Wordpress, Zookatron 2 Wordpress, Mybooktable Bookstore 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
CVE-2026-39638 2 Themeum, Wordpress 2 Qubely, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through <= 1.8.14.
CVE-2026-39636 2 Livemesh, Wordpress 2 Livemesh Addons For Elementor, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0.
CVE-2026-39646 2 Bozdoz, Wordpress 2 Leaflet Map, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4.
CVE-2026-39674 2 Manoj Kumar, Wordpress 2 Mk Google Directions, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through <= 3.1.1.
CVE-2026-39667 2 Jongmyoung Kim, Wordpress 2 Korea Sns, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0.
CVE-2026-39666 2 Telepathy, Wordpress 2 Hello Bar Popup Builder, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1.
CVE-2026-39665 2 Vladimir Prelovac, Wordpress 2 Seo Friendly Images, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.
CVE-2026-39702 2 Wealcoder, Wordpress 2 Animation Addons For Elementor, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1.
CVE-2026-39703 2 Wordpress, Wpbits 2 Wordpress, Wpbits Addons For Elementor Page Builder 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.8.1.
CVE-2026-39693 2 Fesomia, Wordpress 2 Fsm Custom Featured Image Caption, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.
CVE-2026-39692 2 Tagdiv, Wordpress 2 Tagdiv Composer, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.
CVE-2026-39696 2 Elfsight, Wordpress 2 Elfsight Whatsapp Chat Cc, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through <= 1.2.0.
CVE-2026-39683 2 Chief Gnome, Wordpress 2 Garden Gnome Package, Wordpress 2026-04-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through <= 2.4.1.
CVE-2026-2481 2 Beaverbuilder, Wordpress 2 Beaver Builder Page Builder – Drag And Drop Website Builder, Wordpress 2026-04-24 6.4 Medium
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.