Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (78916 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-54731 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection.This issue affects YouTube Showcase: from n/a through <= 3.5.1.
CVE-2025-54724 2 Uxper, Wordpress 2 Golo, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through <= 1.7.1.
CVE-2025-54722 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS.This issue affects WooTour: from n/a through <= 3.6.3.
CVE-2025-54716 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through <= 1.8.5.
CVE-2025-54714 2 Dylanjames, Wordpress 2 Zephyr Project Manager, Wordpress 2026-04-23 7.1 High
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.201.
CVE-2025-54711 2 Bplugins, Wordpress 2 Info Cards, Wordpress 2026-04-23 7.1 High
Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Info Cards: from n/a through <= 1.0.11.
CVE-2025-54710 2 Bplugins, Wordpress 2 Tiktok Feed Plugin, Wordpress 2026-04-23 7.1 High
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through <= 1.0.21.
CVE-2025-54709 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala sala.This issue affects Sala: from n/a through <= 1.1.6.
CVE-2025-54701 2 Thememove, Wordpress 2 Unicamp, Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3.
CVE-2025-54700 2 Thememove, Wordpress 2 Makeaholic, Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4.
CVE-2025-54697 2 Kadencewp, Wordpress 2 Kadence Woocommerce Email Designer, Wordpress 2026-04-23 7.2 High
Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16.
CVE-2025-54692 2 Wordpress, Wpswings 2 Wordpress, Membership For Woocommerce 2026-04-23 7.5 High
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0.
CVE-2025-54690 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio xinterio allows PHP Local File Inclusion.This issue affects Xinterio: from n/a through <= 4.2.
CVE-2025-54689 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.7.
CVE-2025-54679 2 Vertim, Wordpress 2 Neon Channel Product Customizer Free, Wordpress 2026-04-23 7.5 High
Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through <= 2.0.
CVE-2025-54670 2 Bobbingwide, Wordpress 2 Oik, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= 4.15.2.
CVE-2025-54056 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.8.
CVE-2025-54055 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through <= 1.5.2.
CVE-2025-54052 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows PHP Local File Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.0.0.
CVE-2025-54044 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Reflected XSS.This issue affects Elite Video Player: from n/a through <= 10.0.5.