Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9159 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53244 1 Wordpress 1 Wordpress 2025-08-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Elite allows PHP Local File Inclusion. This issue affects Magazine Elite: from n/a through 1.2.4.
CVE-2025-53227 1 Wordpress 1 Wordpress 2025-08-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through 1.2.7.
CVE-2025-53578 1 Wordpress 1 Wordpress 2025-08-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kipso allows PHP Local File Inclusion. This issue affects Kipso: from n/a through 1.3.4.
CVE-2025-52761 1 Wordpress 1 Wordpress 2025-08-29 9.8 Critical
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object Injection. This issue affects WP Funnel Manager: from n/a through 1.4.0.
CVE-2025-48363 1 Wordpress 1 Wordpress 2025-08-29 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5.
CVE-2025-49383 1 Wordpress 1 Wordpress 2025-08-29 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3.
CVE-2025-49387 2 Elementor, Wordpress 2 Elementor, Wordpress 2025-08-29 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3.
CVE-2025-48319 1 Wordpress 1 Wordpress 2025-08-29 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget allows Stored XSS. This issue affects Mesa Mesa Reservation Widget: from n/a through 1.0.0.
CVE-2025-49040 2 Backupbolt, Wordpress 2 Backup Bolt, Wordpress 2025-08-29 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through 1.4.1.
CVE-2025-48309 1 Wordpress 1 Wordpress 2025-08-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows Stored XSS. This issue affects BetPress: from n/a through 1.0.1 Lite.
CVE-2025-48311 1 Wordpress 1 Wordpress 2025-08-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0.
CVE-2025-48361 1 Wordpress 1 Wordpress 2025-08-29 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4.
CVE-2025-48307 1 Wordpress 1 Wordpress 2025-08-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images allows Stored XSS. This issue affects SEO For Images: from n/a through 1.0.0.
CVE-2025-48312 1 Wordpress 1 Wordpress 2025-08-29 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 文派翻译(WP Chinese Translation) WPAvatar allows Stored XSS. This issue affects WPAvatar: from n/a through 1.9.3.
CVE-2025-58198 2 Wordpress, Xpro 2 Wordpress, Theme Builder 2025-08-29 6.5 Medium
Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.9.
CVE-2025-58211 2 Alexvtn, Wordpress 2 Chatbox Manager, Wordpress 2025-08-29 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6.
CVE-2025-58216 2 Jgwhite33, Wordpress 2 Wp Thumbtack Review Slider, Wordpress 2025-08-29 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6.
CVE-2025-48109 1 Wordpress 1 Wordpress 2025-08-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup allows Stored XSS. This issue affects XM-Backup: from n/a through 0.9.1.
CVE-2025-9352 2 Pronamic, Wordpress 2 Google Maps, Wordpress 2025-08-29 5.4 Medium
The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-48351 1 Wordpress 1 Wordpress 2025-08-29 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4.