Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11887 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-52820 3 Infosoftplugin, Woocommerce, Wordpress 3 Woocommerce Point Of Sale, Woocommerce, Wordpress 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4.
CVE-2025-52812 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue affects Domnoo: from n/a through <= 1.49.
CVE-2025-52827 1 Wordpress 1 Wordpress 2026-04-15 N/A
Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-53230 2 Elementor, Wordpress 2 Elementor, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5.
CVE-2025-53263 1 Wordpress 1 Wordpress 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms gf-google-address-autocomplete allows Cross Site Request Forgery.This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through <= 1.3.4.
CVE-2025-53269 1 Wordpress 1 Wordpress 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand my-wp-brand allows Cross Site Request Forgery.This issue affects My Wp Brand: from n/a through <= 1.1.3.
CVE-2025-53293 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Widget Sidebar: from n/a through <= 1.2.3.
CVE-2025-53321 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raise The Money Raise The Money raise-the-money allows DOM-Based XSS.This issue affects Raise The Money: from n/a through <= 5.2.
CVE-2025-53460 2 Affiliatewp, Wordpress 2 Affiliatewp, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi AffiliateWP – External Referral Links affiliatewp-external-referral-links allows Stored XSS.This issue affects AffiliateWP – External Referral Links: from n/a through <= 1.2.0.
CVE-2025-53982 2 Crocoblock, Wordpress 2 Jetelements For Elementor, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.7.
CVE-2025-53987 2 Crocoblock, Wordpress 2 Jetelements, Wordpress 2026-04-15 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1.
CVE-2025-53992 1 Wordpress 1 Wordpress 2026-04-15 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1.
CVE-2025-53997 2 Favethemes, Wordpress 2 Houzez, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.0.4.
CVE-2025-54025 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through <= 6.4.0.
CVE-2025-54707 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection.This issue affects MDTF: from n/a through <= 1.3.3.7.
CVE-2025-54670 2 Bobbingwide, Wordpress 2 Oik, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= 4.15.2.
CVE-2024-24844 2 Ideabox, Wordpress 2 Powerpack Pro For Elementor, Wordpress 2026-04-15 7.5 High
Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.
CVE-2025-55711 2 Wordpress, Wptablebuilder 2 Wordpress, Wp Table Builder 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Stored XSS.This issue affects WP Table Builder: from n/a through <= 2.0.12.
CVE-2024-24845 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8.
CVE-2025-57900 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS.This issue affects GutenKit: from n/a through <= 2.4.2.