Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11789 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49939 2 Crocoblock, Wordpress 2 Jetelements For Elementor, Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.
CVE-2025-49938 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.
CVE-2025-49934 3 Crocoblock, Elementor, Wordpress 3 Jettabs For Elementor, Elementor, Wordpress 2026-04-01 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18.
CVE-2025-49933 1 Wordpress 1 Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through <= 2.4.4.
CVE-2025-49932 1 Wordpress 1 Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows Stored XSS.This issue affects JetBlog: from n/a through <= 2.4.4.1.
CVE-2025-49931 1 Wordpress 1 Wordpress 2026-04-01 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10.
CVE-2025-49930 1 Wordpress 1 Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through <= 3.5.10.
CVE-2025-49928 2 Crocoblock, Wordpress 2 Jetformbuilder, Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows DOM-Based XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.
CVE-2025-49927 2 Crocoblock, Wordpress 2 Jetformbuilder, Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Stored XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.1.
CVE-2025-49921 1 Wordpress 1 Wordpress 2026-04-01 7.3 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0.
CVE-2025-49919 2 Wordpress, Wpcenter 2 Wordpress, Eroom 2026-04-01 5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.
CVE-2025-22725 1 Wordpress 1 Wordpress 2026-04-01 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through <= 3.1.
CVE-2025-14430 2 Thememove, Wordpress 2 Brook, Wordpress 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0.
CVE-2025-14360 1 Wordpress 1 Wordpress 2026-04-01 9.8 Critical
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.19.
CVE-2026-34887 2 Extendthemes, Wordpress 2 Kubio Ai Page Builder, Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS.This issue affects Kubio AI Page Builder: from n/a through 2.7.0.
CVE-2026-32543 2 Cyberchimps, Wordpress 2 Responsive Blocks, Wordpress 2026-04-01 5.3 Medium
Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.
CVE-2026-32487 2 Rarathemes, Wordpress 2 Lawyer Landing Page, Wordpress 2026-04-01 5.3 Medium
Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.
CVE-2026-32486 2 Wordpress, Wptravelengine 2 Wordpress, Travel Booking 2026-04-01 5.3 Medium
Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9.
CVE-2026-32462 2 Liton Arefin, Wordpress 2 Master Addons For Elementor, Wordpress 2026-04-01 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.
CVE-2026-32461 2 Really-simple-plugins, Wordpress 2 Really Simple Ssl, Wordpress 2026-04-01 5.3 Medium
Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7.