Search

Expected end of text, found '.' (at char 15), (line:1, col:16)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (311341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-57985 2 Mantrabrain, Wordpress 2 Ultimate Watermark, Wordpress 2025-09-23 4.3 Medium
Missing Authorization vulnerability in MantraBrain Ultimate Watermark allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Watermark: from n/a through 1.1.
CVE-2025-57968 2 E4jconnect, Wordpress 2 Vikrestaurants Table Reservations And Take-away, Wordpress 2025-09-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Reflected XSS. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.4.
CVE-2025-58025 2 Averta, Wordpress 2 Master Slider, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through 3.11.0.
CVE-2025-58003 2 Javothemes, Wordpress 2 Javo Core, Wordpress 2025-09-23 5.3 Medium
Missing Authorization vulnerability in javothemes Javo Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Javo Core: from n/a through 3.0.0.266.
CVE-2025-57984 2 Makestories, Wordpress 2 Makestories (for Google Web Stories), Wordpress 2025-09-23 4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) allows Server Side Request Forgery. This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.4.
CVE-2025-58012 1 Wordpress 1 Wordpress 2025-09-23 3.8 Low
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Mask: from n/a through 1.8.5.2.
CVE-2025-57959 1 Wordpress 1 Wordpress 2025-09-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmatsuur Slightly troublesome permalink allows Stored XSS. This issue affects Slightly troublesome permalink: from n/a through 1.2.0.
CVE-2025-57955 2 Plugin-devs, Wordpress 2 Post Carousel Slider For Elementor, Wordpress 2025-09-23 6.5 Medium
Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0.
CVE-2025-57977 3 Woocommerce, Wordpress, Wpdesk 3 Woocommerce, Wordpress, Flexible Pdf Invoices 2025-09-23 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress allows Cross Site Request Forgery. This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through 6.0.13.
CVE-2025-58020 2 Jeroen Schmit, Wordpress 2 Theater For Wordpress, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8.
CVE-2025-58021 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr List Child Pages Shortcode allows Stored XSS. This issue affects List Child Pages Shortcode: from n/a through 1.3.1.
CVE-2025-57991 2 Clariti, Wordpress 2 Clariti, Wordpress 2025-09-23 5.4 Medium
Missing Authorization vulnerability in Clariti Clariti allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clariti: from n/a through 1.2.1.
CVE-2025-58224 1 Wordpress 1 Wordpress 2025-09-23 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0.
CVE-2025-57978 1 Wordpress 1 Wordpress 2025-09-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling allows Cross Site Request Forgery. This issue affects Advanced Appointment Booking & Scheduling: from n/a through 1.9.
CVE-2025-57997 1 Wordpress 1 Wordpress 2025-09-23 4.3 Medium
Missing Authorization vulnerability in Trustpilot Trustpilot Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trustpilot Reviews: from n/a through 2.5.925.
CVE-2025-57994 1 Wordpress 1 Wordpress 2025-09-23 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Upcoming Events Lists: from n/a through 1.4.0.
CVE-2025-57967 3 Woocommerce, Wordpress, Wpbean 3 Woocommerce, Wordpress, Wpb Quick View 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce allows Stored XSS. This issue affects WPB Quick View for WooCommerce: from n/a through 2.1.8.
CVE-2025-57964 2 Photonicgnostic, Wordpress 2 Library Bookshelves, Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in photonicgnostic Library Bookshelves allows Stored XSS. This issue affects Library Bookshelves: from n/a through 5.11.
CVE-2025-57996 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9.
CVE-2025-57983 1 Wordpress 1 Wordpress 2025-09-23 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BP Disable Activation Reloaded: from n/a through 1.2.1.