Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (13350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-56033 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs faqs allows Reflected XSS.This issue affects FAQs: from n/a through <= 1.0.2.
CVE-2024-56032 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Descriptions fv-descriptions allows Reflected XSS.This issue affects FV Descriptions: from n/a through <= 1.4.
CVE-2024-56030 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carver Lab 10CentMail 10centmail-subscription-management-and-analytics allows Reflected XSS.This issue affects 10CentMail: from n/a through <= 2.1.50.
CVE-2024-56028 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lemonadestudio Lemonade Social Networks Autoposter Pinterest lemonade-sna-pinterest-edition allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through <= 2.0.
CVE-2024-56027 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bizswoop Leads CRM leads-crm allows Reflected XSS.This issue affects Leads CRM: from n/a through <= 2.0.13.
CVE-2024-56025 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adworkmedia AdWork Media EZ Content Locker adwork-media-ez-content-locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through <= 3.0.
CVE-2024-56024 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget create-custom-dashboard-widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through <= 1.0.0.
CVE-2024-56021 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibnuyahya Category Post Shortcode category-post-shortcode allows Stored XSS.This issue affects Category Post Shortcode: from n/a through <= 2.4.
CVE-2024-56020 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in svegliadesign SvegliaT Buttons svegliat-buttons allows Stored XSS.This issue affects SvegliaT Buttons: from n/a through <= 1.3.0.
CVE-2024-56019 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gavinr Inline Footnotes inline-footnotes allows Stored XSS.This issue affects Inline Footnotes: from n/a through <= 2.3.0.
CVE-2024-56016 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maartenhemmes Image Mapper image-mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through <= 0.2.5.3.
CVE-2024-56013 1 Wordpress 1 Wordpress 2026-04-23 8.8 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in wovax Wovax IDX wovax-idx allows Authentication Bypass.This issue affects Wovax IDX: from n/a through <= 1.2.2.
CVE-2024-56012 1 Wordpress 1 Wordpress 2026-04-23 9.8 Critical
Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation.This issue affects Flash News / Post (Responsive): from n/a through <= 4.1.
CVE-2024-56011 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov Responsive Google Maps | by imbaa responsive-google-maps allows Stored XSS.This issue affects Responsive Google Maps | by imbaa: from n/a through <= 1.2.5.
CVE-2024-56010 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy Device Detector device-detector allows Reflected XSS.This issue affects Device Detector: from n/a through <= 4.2.0.
CVE-2024-56007 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through <= 2.6.1.
CVE-2024-56005 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping posti-shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through <= 3.10.3.
CVE-2024-56004 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in awfowler Easy Site Importer easy-site-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through <= 1.0.1.
CVE-2024-56001 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through <= 1.1.1.
CVE-2024-55997 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in webchunky Order Delivery & Pickup Location Date Time order-delivery-pickup-location-date-time-free-version allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through <= 1.1.0.