Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (323441 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64268 2 Arraytics, Wordpress 2 Timetics, Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.
CVE-2025-60090 2 Crm Perks, Wordpress 2 Wp Gravity Forms Insightly, Wordpress 2025-12-19 9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6.
CVE-2025-60070 1 Wordpress 1 Wordpress 2025-12-19 6.5 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in The4 Molla molla allows Code Injection.This issue affects Molla: from n/a through <= 1.5.13.
CVE-2025-64222 3 Fantasticplugins, Woocommerce, Wordpress 3 Woocommerce Recover Abandoned Cart, Woocommerce, Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through <= 24.6.0.
CVE-2025-64233 1 Wordpress 1 Wordpress 2025-12-19 9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8.
CVE-2025-60044 1 Wordpress 1 Wordpress 2025-12-19 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fribbo fribbo allows PHP Local File Inclusion.This issue affects Fribbo: from n/a through <= 1.1.0.
CVE-2025-58945 1 Wordpress 1 Wordpress 2025-12-19 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects EcoGrow: from n/a through <= 1.7.
CVE-2025-64375 1 Wordpress 1 Wordpress 2025-12-19 6.5 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.
CVE-2025-58942 1 Wordpress 1 Wordpress 2025-12-19 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion.This issue affects Dwell: from n/a through <= 1.7.0.
CVE-2025-60047 1 Wordpress 1 Wordpress 2025-12-19 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes IPharm ipharm allows PHP Local File Inclusion.This issue affects IPharm: from n/a through <= 1.2.3.
CVE-2025-64218 2 Wordpress, Wpchill 2 Wordpress, Passster 2025-12-19 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.
CVE-2025-64213 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2025-12-19 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-60065 1 Wordpress 1 Wordpress 2025-12-19 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pinevale pinevale allows PHP Local File Inclusion.This issue affects Pinevale: from n/a through <= 1.0.14.
CVE-2025-58951 2 Smartcmsmarket, Wordpress 2 Advance Seat Reservation Management For Woocommerce, Wordpress 2025-12-19 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Injection.This issue affects Advance Seat Reservation Management for WooCommerce: from n/a through <= 3.1.
CVE-2025-64225 1 Wordpress 1 Wordpress 2025-12-19 6.1 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through <= 1.2.11.
CVE-2025-64373 1 Wordpress 1 Wordpress 2025-12-19 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through < 3.2.6.
CVE-2025-58946 1 Wordpress 1 Wordpress 2025-12-19 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Vocal: from n/a through <= 1.12.
CVE-2025-60054 1 Wordpress 1 Wordpress 2025-12-19 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes OnLeash onleash allows PHP Local File Inclusion.This issue affects OnLeash: from n/a through <= 1.5.2.
CVE-2025-64377 2 Cridio, Wordpress 2 Listingpro, Wordpress 2025-12-19 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through < 2.9.10.
CVE-2025-60086 2 Matt, Wordpress 2 Wp Voting Contest, Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.