Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9159 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3701 1 Wordpress 1 Wordpress 2025-09-04 4.3 Medium
Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through 16.8.
CVE-2025-9378 1 Wordpress 1 Wordpress 2025-09-04 6.4 Medium
The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-58625 2 Spiffyplugins, Wordpress 2 Wp Flow Plus, Wordpress 2025-09-04 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5.
CVE-2025-58641 1 Wordpress 1 Wordpress 2025-09-04 5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1.
CVE-2025-58643 2 Enituretechnology, Wordpress 2 Ltl Freight Quotes, Wordpress 2025-09-04 7.2 High
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.
CVE-2025-58605 2 Wordpress, Wpdelicious 2 Wordpress, Wp Delicious 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows Stored XSS. This issue affects WP Delicious: from n/a through 1.8.7.
CVE-2025-58620 2 Wordpress, Wpforms 2 Wordpress, Wpforms 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms allows Stored XSS. This issue affects PDF for WPForms: from n/a through 6.2.1.
CVE-2025-58594 2 Brizy, Wordpress 2 Brizy, Wordpress 2025-09-04 4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
CVE-2025-58598 3 Klarna, Woocommerce, Wordpress 3 Klarna For Woocommerce, Woocommerce, Wordpress 2025-09-04 6.6 Medium
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through 1.9.8.
CVE-2025-58616 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1.
CVE-2025-9519 1 Wordpress 1 Wordpress 2025-09-04 7.2 High
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server.
CVE-2025-58639 2 Contact Form By Mega Forms Project, Wordpress 2 Contact Form By Mega Forms, Wordpress 2025-09-04 5.4 Medium
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from n/a through 1.6.1.
CVE-2025-58612 2 Propertyhive, Wordpress 2 Propertyhive, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5.
CVE-2025-58637 1 Wordpress 1 Wordpress 2025-09-04 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion. This issue affects immonex Kickstart: from n/a through 1.11.6.
CVE-2025-58618 2 Jonathanjernigan, Wordpress 2 Pie Calendar, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8.
CVE-2025-58634 1 Wordpress 1 Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4.
CVE-2025-58601 2 Radiustheme, Wordpress 2 Classified Listing, Wordpress 2025-09-04 4.3 Medium
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.
CVE-2025-58603 2 Surfer, Wordpress 2 Surfer Plugin, Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574.
CVE-2025-58608 1 Wordpress 1 Wordpress 2025-09-04 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.
CVE-2025-58593 2 Themeisle, Wordpress 2 Orbit Fox, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.