Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-26747 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.7.
CVE-2025-23752 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CGD Arrange Terms allows Reflected XSS. This issue affects CGD Arrange Terms: from n/a through 1.1.3.
CVE-2024-31121 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.
CVE-2024-6810 1 Wordpress 1 Wordpress 2025-07-13 4.4 Medium
The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2024-56239 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Audio Dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through 2.0.4.
CVE-2025-25108 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shalomworld SW Plus allows Reflected XSS. This issue affects SW Plus: from n/a through 2.1.
CVE-2024-54276 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felix Moira Poll Builder allows Stored XSS.This issue affects Poll Builder: from n/a through 1.3.5.
CVE-2024-56231 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing allows DOM-Based XSS.This issue affects SaasPricing: from n/a through 1.1.4.
CVE-2025-23988 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS.This issue affects Ghostwriter: from n/a through 1.4.
CVE-2024-13711 1 Wordpress 1 Wordpress 2025-07-13 6.1 Medium
The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-43263 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3.
CVE-2025-23740 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy School Registration allows Reflected XSS. This issue affects Easy School Registration: from n/a through 3.9.8.
CVE-2025-26991 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS. This issue affects WPPizza: from n/a through 3.19.4.
CVE-2025-23545 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast allows Reflected XSS. This issue affects WP Social Broadcast: from n/a through 1.0.0.
CVE-2024-34765 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.
CVE-2024-53721 1 Wordpress 1 Wordpress 2025-07-13 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6.
CVE-2024-43233 2 Bannersky, Wordpress 2 Bsk Forms Blacklist, Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
CVE-2024-52470 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through 1.0.
CVE-2024-51694 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digfish Geotagged Media allows Reflected XSS.This issue affects Geotagged Media: from n/a through 0.3.0.
CVE-2025-47668 1 Wordpress 1 Wordpress 2025-07-13 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cookiecode CookieCode allows Stored XSS. This issue affects CookieCode: from n/a through 2.4.4.