Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11464 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-58622 2 Wordpress, Yydevelopment 2 Wordpress, Mobile Contact Line Plugin 2025-09-04 4.3 Medium
Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0.
CVE-2025-58633 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.
CVE-2025-58600 2 Cozmoslabs, Wordpress 2 Paid Member Subscriptions, Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.
CVE-2025-58642 2 Enituretechnology, Wordpress 2 Ltl Freight Quotes, Wordpress 2025-09-04 7.2 High
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through 2.1.11.
CVE-2025-58605 2 Wordpress, Wpdelicious 2 Wordpress, Wp Delicious 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows Stored XSS. This issue affects WP Delicious: from n/a through 1.8.7.
CVE-2025-58639 2 Contact Form By Mega Forms Project, Wordpress 2 Contact Form By Mega Forms, Wordpress 2025-09-04 5.4 Medium
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from n/a through 1.6.1.
CVE-2025-58593 2 Themeisle, Wordpress 2 Orbit Fox, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.
CVE-2025-58632 2 Dadevarzan, Wordpress 2 Wordpress Common Plugin, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2.
CVE-2025-58618 2 Jonathanjernigan, Wordpress 2 Pie Calendar, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8.
CVE-2025-58614 2 Tooltipy, Wordpress 2 Tooltipy, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy allows Stored XSS. This issue affects Tooltipy: from n/a through 5.5.6.
CVE-2025-58626 2 Rumbletalk, Wordpress 2 Live Group Chat Plugin, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat allows Stored XSS. This issue affects RumbleTalk Live Group Chat: from n/a through 6.3.5.
CVE-2025-58625 2 Spiffyplugins, Wordpress 2 Wp Flow Plus, Wordpress 2025-09-04 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5.
CVE-2025-58612 2 Propertyhive, Wordpress 2 Propertyhive, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5.
CVE-2025-58641 1 Wordpress 1 Wordpress 2025-09-04 5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1.
CVE-2025-58615 1 Wordpress 1 Wordpress 2025-09-04 4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0.
CVE-2025-58644 2 Enituretechnology, Wordpress 2 Ltl Freight Quotes, Wordpress 2025-09-04 7.2 High
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through 1.2.6.
CVE-2025-58608 1 Wordpress 1 Wordpress 2025-09-04 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.
CVE-2025-58606 2 Cozythemes, Wordpress 2 Saaslauncher, Wordpress 2025-09-04 5 Medium
Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0.
CVE-2025-58635 1 Wordpress 1 Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23.
CVE-2025-58596 2 Mailoptin, Wordpress 2 Mailoptin, Wordpress 2025-09-04 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.