Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (78855 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-4957 2 Metagauss, Wordpress 2 Profilegrid, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS.This issue affects ProfileGrid : from n/a through <= 5.9.5.7.
CVE-2025-4414 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through < 2.5.7.
CVE-2025-49994 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athens: from n/a through <= 1.1.6.
CVE-2025-49958 3 Robokassa, Woocommerce, Wordpress 3 Payment Gateway For Woocommerce, Woocommerce, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.8.6.
CVE-2025-49950 2 Official Integration For Billingo Project, Wordpress 2 Official Integration For Billingo, Wordpress 2026-04-23 7.2 High
Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.3.0.
CVE-2025-49935 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2.
CVE-2025-49926 2 Laborator, Wordpress 2 Kalium, Wordpress 2026-04-23 7.2 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25.
CVE-2025-49925 2 Vibethemes, Wordpress 2 Wordpress Learning Management System, Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
CVE-2025-49924 1 Wordpress 1 Wordpress 2026-04-23 7.2 High
Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2.
CVE-2025-49921 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0.
CVE-2025-49916 2 Multivendorx, Wordpress 2 Multivendorx, Wordpress 2026-04-23 8.6 High
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23.
CVE-2025-49909 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS.This issue affects Penci Bookmark & Follow: from n/a through < 2.4.
CVE-2025-49905 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsCafe Range Slider Addon for Gravity Forms range-slider-addon-for-gravity-forms allows Reflected XSS.This issue affects Range Slider Addon for Gravity Forms: from n/a through <= 1.1.6.
CVE-2025-49904 2 Magepeople, Wordpress 2 Booking & Rental Manager, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager: from n/a through <= 2.5.3.
CVE-2025-49898 1 Wordpress 1 Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xolluteon School Management school-management allows SQL Injection.This issue affects School Management: from n/a through <= 93.2.0.
CVE-2025-49897 2 Gopiplus, Wordpress 2 Vertical Scroll Slideshow Gallery V2, Wordpress 2026-04-23 8.8 High
Incorrect Privilege Assignment vulnerability in gopiplus School Management school-management allows Privilege Escalation.This issue affects School Management: from n/a through <= 93.2.0.
CVE-2025-49894 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-49893 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Nuss nuss allows Reflected XSS.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-49892 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through <= 1.3.3.
CVE-2025-49891 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through <= 1.3.3.