Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (322436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67520 2 Tinysolutions, Wordpress 2 Media Library Tools, Wordpress 2025-12-11 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection.This issue affects Media Library Tools: from n/a through <= 1.6.15.
CVE-2025-67519 1 Wordpress 1 Wordpress 2025-12-11 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.3.
CVE-2025-67518 1 Wordpress 1 Wordpress 2025-12-11 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Blind SQL Injection.This issue affects Accordion Slider PRO: from n/a through <= 1.2.
CVE-2025-67517 2 Artplacer, Wordpress 2 Artplacer Widget, Wordpress 2025-12-11 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection.This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2.
CVE-2025-67516 2 Agile Logix, Wordpress 2 Store Locator Wordpress, Wordpress Mu 2025-12-11 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.6.2.
CVE-2025-67515 2 Mikado-themes, Wordpress 2 Wilmer, Wordpress 2025-12-11 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5.
CVE-2025-67473 2 Codeworkweb, Wordpress 2 Cww Companion, Wordpress 2025-12-11 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery.This issue affects CWW Companion: from n/a through <= 1.3.2.
CVE-2025-67471 1 Wordpress 1 Wordpress 2025-12-11 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through <= 8.2.5.
CVE-2025-67469 2 Kubiq, Wordpress 2 Pdf Thumbnail Generator, Wordpress 2025-12-11 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through <= 1.4.
CVE-2025-67466 2 Sergiotrinity, Wordpress 2 Trinity Audio, Wordpress 2025-12-11 8.1 High
Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a through <= 5.23.3.
CVE-2025-67465 2 Quantumcloud, Wordpress 2 Simple Link Directory, Wordpress 2025-12-11 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-66534 1 Wordpress 1 Wordpress 2025-12-11 8.8 High
Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9.
CVE-2025-66532 2 Mikado-themes, Wordpress 2 Powerlift, Wordpress 2025-12-11 8.8 High
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1.
CVE-2025-66531 1 Wordpress 1 Wordpress 2025-12-11 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.30.3.
CVE-2025-66530 2 Webba-booking, Wordpress 2 Webba Booking, Wordpress 2025-12-11 8.8 High
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through <= 6.2.1.
CVE-2025-66529 2 Ays-pro, Wordpress 2 Chartify, Wordpress 2025-12-11 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3.
CVE-2025-66528 2 Villatheme, Wordpress 2 Thank You Page Customizer For Woocommerce, Wordpress 2025-12-11 8.1 High
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <= 1.1.8.
CVE-2025-65594 2 Opensis, Os4ed 2 Opensis, Opensis 2025-12-11 8.1 High
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users.
CVE-2025-64256 2 Presstigers, Wordpress 2 Simple Folio, Wordpress 2025-12-11 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0.
CVE-2025-64255 2 Bowo, Wordpress 2 Admin And Site Enhancements Ase, Wordpress 2025-12-11 7.2 High
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8.