Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (80921 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68850 2 Codepeople, Wordpress 2 Sell Downloads, Wordpress 2026-04-29 7.5 High
Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12.
CVE-2025-49866 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner beautiful-and-responsive-cookie-consent allows Reflected XSS.This issue affects Beautiful Cookie Consent Banner: from n/a through <= 4.6.1.
CVE-2025-67956 2 Wordpress, Wpeverest 2 Wordpress, User Registration 2026-04-29 8.2 High
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.
CVE-2025-39451 2026-04-29 7.5 High
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
CVE-2025-48261 1 Multivendorx 1 Multivendorx 2026-04-29 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue affects MultiVendorX: from n/a through <= 4.2.22.
CVE-2025-53319 2 Raptive, Wordpress 2 Raptive Ads, Wordpress 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS.This issue affects Raptive Ads: from n/a through <= 3.8.0.
CVE-2025-47541 2026-04-29 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7.
CVE-2025-49454 2026-04-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a through < 3.10.0.
CVE-2025-47438 1 Wpjobportal 1 Wp Job Portal 2026-04-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.3.1.
CVE-2025-47618 1 Wordpress 1 Wordpress 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Reflected XSS.This issue affects BMI Adult & Kid Calculator: from n/a through <= 1.2.2.
CVE-2025-39449 2026-04-29 7.5 High
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
CVE-2025-39447 1 Crocoblock 1 Jetelements For Elementor 2026-04-29 7.5 High
Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
CVE-2025-32545 2026-04-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images woocommerce-products-without-featured-images allows Reflected XSS.This issue affects WooCommerce Products without featured images: from n/a through <= 0.1.
CVE-2025-39358 1 Wordpress 1 Wordpress 2026-04-29 8.8 High
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through <= 1.3.12.
CVE-2025-39391 2026-04-29 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce checkout-field-visibility-for-woocommerce allows PHP Local File Inclusion.This issue affects Checkout Field Visibility for WooCommerce: from n/a through <= 1.3.0.
CVE-2025-32128 1 Wordpress 1 Wordpress 2026-04-29 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations nearby-locations allows SQL Injection.This issue affects Nearby Locations: from n/a through <= 1.1.1.
CVE-2025-32689 2 Themesgrove, Wordpress 2 Wp Smartpay, Wordpress 2026-04-29 7.5 High
Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay.This issue affects WP SmartPay: from n/a through <= 2.8.2.
CVE-2025-30562 2026-04-29 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This issue affects Navigation Tree Elementor: from n/a through <= 1.0.1.
CVE-2025-32119 2026-04-29 8.2 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects CardGate Payments for WooCommerce: from n/a through <= 3.2.1.
CVE-2025-28858 2026-04-29 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Maps ap-google-maps allows Reflected XSS.This issue affects Arrow Maps: from n/a through <= 1.0.9.