Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (79301 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-68861 2 Plugin Optimizer, Wordpress 2 Plugin Optimizer, Wordpress 2026-04-23 7.1 High
Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7.
CVE-2024-2374 1 Wso2 10 Api Manager, Identity Server, Identity Server As Key Manager and 7 more 2026-04-23 7.5 High
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.
CVE-2025-68561 2 Automatorwp, Wordpress 2 Automatorwp, Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows SQL Injection.This issue affects AutomatorWP: from n/a through <= 5.2.4.
CVE-2025-68560 3 Codexthemes, Elementor, Wordpress 3 Thegem, Elementor, Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.10.5.1.
CVE-2025-68550 2 Villatheme, Wordpress 2 Wpbulky, Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky wpbulky-wp-bulk-edit-post-types allows Blind SQL Injection.This issue affects WPBulky: from n/a through <= 1.1.13.
CVE-2025-68547 2 Wordpress, Wpwebelite 2 Wordpress, Follow My Blog Post 2026-04-23 7.5 High
Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through <= 2.4.0.
CVE-2025-68546 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
CVE-2025-68544 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.
CVE-2025-68044 2 Rustaurius, Wordpress 2 Five Star Restaurant Reservations, Wordpress 2026-04-23 8.6 High
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.4.
CVE-2025-68036 2 Emraan Cheema, Wordpress 2 Cubewp, Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through <= 1.1.27.
CVE-2025-68033 2 Brechtvds, Wordpress 2 Custom Related Posts, Wordpress 2026-04-23 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through <= 1.8.0.
CVE-2025-67534 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.
CVE-2025-67533 2 Themify, Wordpress 2 Portfolio Post, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: from n/a through <= 1.3.0.
CVE-2025-67528 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.
CVE-2025-67527 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue affects Digiqole: from n/a through < 2.2.7.
CVE-2025-67526 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion.This issue affects Sailing: from n/a through < 4.4.6.
CVE-2025-67524 3 Elementor, Nootheme, Wordpress 3 Elementor, Jobmonster, Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster Elementor Addon jobmonster-addon allows PHP Local File Inclusion.This issue affects Jobmonster Elementor Addon: from n/a through <= 1.1.4.
CVE-2025-67523 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue affects Exhibz: from n/a through <= 3.0.9.
CVE-2025-67522 2 Nootheme, Wordpress 2 Jobmonster, Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through <= 4.8.2.
CVE-2025-67521 2 Select-themes, Wordpress 2 Select Core, Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Select Core select-core allows PHP Local File Inclusion.This issue affects Select Core: from n/a through < 2.6.