Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5548 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58620 2 Wordpress, Wpforms 2 Wordpress, Wpforms 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms allows Stored XSS. This issue affects PDF for WPForms: from n/a through 6.2.1.
CVE-2025-58637 1 Wordpress 1 Wordpress 2025-09-04 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion. This issue affects immonex Kickstart: from n/a through 1.11.6.
CVE-2025-58609 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iulia Cazan Latest Post Shortcode allows Stored XSS. This issue affects Latest Post Shortcode: from n/a through 14.0.3.
CVE-2025-58605 2 Wordpress, Wpdelicious 2 Wordpress, Wp Delicious 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows Stored XSS. This issue affects WP Delicious: from n/a through 1.8.7.
CVE-2025-58604 2 Wordpress, Wpfunnels 2 Wordpress, Mail Mint Plugin 2025-09-04 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.
CVE-2025-58600 2 Cozmoslabs, Wordpress 2 Paid Member Subscriptions, Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.
CVE-2025-58630 2 Rbaer, Wordpress 2 Simple Matomo Tracking Code Plugin, Wordpress 2025-09-04 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code allows Stored XSS. This issue affects Simple Matomo Tracking Code: from n/a through 1.1.0.
CVE-2025-58607 2 Gdprinfo, Wordpress 2 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance allows Stored XSS. This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance: from n/a through 1.7.11.
CVE-2025-58601 2 Radiustheme, Wordpress 2 Classified Listing, Wordpress 2025-09-04 4.3 Medium
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.
CVE-2025-58633 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.
CVE-2025-58624 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates allows Stored XSS. This issue affects Exchange Rates: from n/a through 1.2.5.
CVE-2025-58602 2 If-so, Wordpress 3 Dynamic Content Personalization, If-so, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.4.
CVE-2025-58612 2 Propertyhive, Wordpress 2 Propertyhive, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5.
CVE-2025-58594 2 Brizy, Wordpress 2 Brizy, Wordpress 2025-09-04 4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
CVE-2025-58626 2 Rumbletalk, Wordpress 2 Live Group Chat Plugin, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat allows Stored XSS. This issue affects RumbleTalk Live Group Chat: from n/a through 6.3.5.
CVE-2025-58644 2 Enituretechnology, Wordpress 2 Ltl Freight Quotes, Wordpress 2025-09-04 7.2 High
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through 1.2.6.
CVE-2025-58632 2 Dadevarzan, Wordpress 2 Wordpress Common Plugin, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2.
CVE-2025-58618 2 Jonathanjernigan, Wordpress 2 Pie Calendar, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8.
CVE-2025-58596 2 Mailoptin, Wordpress 2 Mailoptin, Wordpress 2025-09-04 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.
CVE-2025-58643 2 Enituretechnology, Wordpress 2 Ltl Freight Quotes, Wordpress 2025-09-04 7.2 High
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.