Search

Expected end of text, found '@' (at char 12), (line:1, col:13)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (347095 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-68054 1 Wordpress 1 Wordpress 2026-04-27 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
CVE-2025-68051 2 Shiprocket, Wordpress 2 Shiprocket, Wordpress 2026-04-27 7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8.
CVE-2025-68038 2 Icegram, Wordpress 2 Icegram Express, Wordpress 2026-04-27 7.2 High
Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14.
CVE-2025-68022 2 Soporteblue, Wordpress 2 Plugin Bluex For Woocommerce, Wordpress 2026-04-27 7.3 High
Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6.
CVE-2025-68017 2 Antideo, Wordpress 2 Email Validator, Wordpress 2026-04-27 7.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10.
CVE-2025-63063 1 Wordpress 1 Wordpress 2026-04-27 5.3 Medium
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through <= 1.2.2.
CVE-2025-63062 1 Wordpress 1 Wordpress 2026-04-27 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0.
CVE-2025-63060 2 Hogash, Wordpress 2 Kallyas, Wordpress 2026-04-27 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in hogash KALLYAS kallyas allows Cross Site Request Forgery.This issue affects KALLYAS: from n/a through < 4.25.0.
CVE-2025-63039 2 Cridio, Wordpress 2 Listingpro, Wordpress 2026-04-27 6.5 Medium
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-63036 1 Wordpress 1 Wordpress 2026-04-27 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.
CVE-2025-63018 1 Wordpress 1 Wordpress 2026-04-27 4.3 Medium
Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229.
CVE-2025-5805 2 Ninetheme, Wordpress 2 Electron, Wordpress 2026-04-27 6.5 Medium
Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2.
CVE-2025-5803 2 Vikwp, Wordpress 2 Vikbooking Hotel Booking Engine & Pms, Wordpress 2026-04-27 5.3 Medium
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.
CVE-2025-58898 2 Ancorathemes, Wordpress 2 Healthhub, Wordpress 2026-04-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes HealthHub healthhub allows PHP Local File Inclusion.This issue affects HealthHub: from n/a through <= 1.3.0.
CVE-2025-58896 2 Ancorathemes, Wordpress 2 Otaku, Wordpress 2026-04-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through <= 1.8.0.
CVE-2025-58895 2 Ancorathemes, Wordpress 2 Integro, Wordpress 2026-04-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Integro integro allows PHP Local File Inclusion.This issue affects Integro: from n/a through <= 1.8.0.
CVE-2025-58894 2 Axiomthemes, Wordpress 2 Good Mood, Wordpress 2026-04-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16.
CVE-2025-58893 2 Axiomthemes, Wordpress 2 Alright, Wordpress 2026-04-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1.
CVE-2025-58892 2 Ancorathemes, Wordpress 2 Tourimo, Wordpress 2026-04-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tourimo tourimo allows PHP Local File Inclusion.This issue affects Tourimo: from n/a through <= 1.2.3.
CVE-2025-58891 2 Ancorathemes, Wordpress 2 Sanger, Wordpress 2026-04-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Sanger sanger allows PHP Local File Inclusion.This issue affects Sanger: from n/a through <= 1.24.0.