Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11922 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-54731 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection.This issue affects YouTube Showcase: from n/a through <= 3.5.1.
CVE-2025-54741 1 Wordpress 1 Wordpress 2026-04-15 8.6 High
Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0.
CVE-2025-55707 2 Wordpress, Wpxpo 2 Wordpress, Postx 2026-04-15 7.2 High
Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.
CVE-2025-55710 2 Taxopress, Wordpress 2 Taxopress, Wordpress 2026-04-15 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data.This issue affects TaxoPress: from n/a through <= 3.37.2.
CVE-2025-57914 3 Matat Technologies, Woocommerce, Wordpress 3 Deliver Via Shipos, Woocommerce, Wordpress 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Cross Site Request Forgery.This issue affects Deliver via Shipos for WooCommerce: from n/a through <= 3.0.2.
CVE-2025-57927 2 Stephanie Leary, Wordpress 2 Dashboard Notepad, Wordpress 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery.This issue affects Dashboard Notepad: from n/a through <= 1.42.
CVE-2025-57972 3 Woocommerce, Wordpress, Wpfactory 3 Woocommerce, Wordpress, Helpdesk Support Ticket System 2026-04-15 N/A
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1.
CVE-2025-57977 3 Woocommerce, Wordpress, Wpdesk 3 Woocommerce, Wordpress, Flexible Pdf Invoices 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce &amp; WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices for WooCommerce &amp; WordPress: from n/a through <= 6.0.13.
CVE-2025-58001 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Compact Archives compact-archives allows Stored XSS.This issue affects Compact Archives: from n/a through <= 4.1.0.
CVE-2025-58198 2 Wordpress, Xpro 2 Wordpress, Theme Builder 2026-04-15 N/A
Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.9.
CVE-2025-58207 2 Wordpress, Wpmessiah 2 Wordpress, Ai Image Alt Text Generator For Wp 2026-04-15 8.2 High
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.5.
CVE-2025-58592 2 Cozmoslabs, Wordpress 2 Translatepress, Wordpress 2026-04-15 8.1 High
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.
CVE-2025-58610 2 Wordpress, Wpchill 2 Wordpress, Gallery Photoblocks 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows Stored XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.1.
CVE-2025-58616 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Frisbii Frisbii Pay reepay-checkout-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frisbii Pay: from n/a through <= 1.8.2.1.
CVE-2025-58622 2 Wordpress, Yydevelopment 2 Wordpress, Mobile Contact Line Plugin 2026-04-15 N/A
Missing Authorization vulnerability in yydevelopment Mobile Contact Line mobile-contact-line allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile Contact Line: from n/a through <= 2.4.0.
CVE-2025-58675 2 Tryinteract, Wordpress 2 Interact, Wordpress 2026-04-15 N/A
Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site interact-quiz-embed allows Cross Site Request Forgery.This issue affects Interact: Embed A Quiz On Your Site: from n/a through <= 3.1.
CVE-2025-58679 2 Appmysite, Wordpress 2 Appmysite, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in AppMySite AppMySite appmysite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AppMySite: from n/a through <= 3.15.0.
CVE-2025-58685 3 Cecabank, Woocommerce, Wordpress 3 Woocommerce Plugin, Woocommerce, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin cecabank-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cecabank WooCommerce Plugin: from n/a through <= 0.3.4.
CVE-2025-58810 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jimmywb Simple Link List Widget simple-link-list-widget allows Stored XSS.This issue affects Simple Link List Widget: from n/a through <= 0.3.2.
CVE-2025-58812 2 Pricelisto, Wordpress 2 Best Restaurant Menu By Pricelisto, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto allows Stored XSS.This issue affects Best Restaurant Menu by PriceListo: from n/a through <= 1.4.3.