Search

Expected end of text, found ':' (at char 27), (line:1, col:28)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341800 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-58009 2 Cp Multi View Event Calendar Project, Wordpress 2 Cp Multi View Event Calendar, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35.
CVE-2025-58008 2 Wordpress, Xnau 2 Wordpress, Participants Database 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xnau webdesign Participants Database participants-database allows Stored XSS.This issue affects Participants Database: from n/a through <= 2.7.6.3.
CVE-2025-58007 2 Nerdpress, Wordpress 2 Social Pug Wordpress, Wordpress 2026-04-01 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data.This issue affects Hubbub Lite: from n/a through <= 1.35.2.
CVE-2025-58006 2 Crm Perks, Wordpress 2 Wp Gravity Forms Keap/infusionsoft, Wordpress 2026-04-01 N/A
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Phishing.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.6.
CVE-2025-58005 1 Wordpress 1 Wordpress 2026-04-01 N/A
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub dricub-driving-school allows Server Side Request Forgery.This issue affects DriCub: from n/a through <= 2.9.
CVE-2025-58004 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DriCub: from n/a through <= 2.9.
CVE-2025-58003 2 Javothemes, Wordpress 2 Javo Core, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.266.
CVE-2025-58002 2 Bbpress, Wordpress 2 Bbpress, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD bbPress Tools gd-bbpress-tools allows DOM-Based XSS.This issue affects GD bbPress Tools: from n/a through <= 3.5.3.
CVE-2025-58001 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Compact Archives compact-archives allows Stored XSS.This issue affects Compact Archives: from n/a through <= 4.1.0.
CVE-2025-58000 2 Memberful, Wordpress 2 Memberful, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in memberful Memberful - Membership Plugin memberful-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberful - Membership Plugin: from n/a through <= 1.75.0.
CVE-2025-57999 2 Wordpress, Wpkoi 2 Wordpress, Wpkoi Templates For Elementor 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows DOM-Based XSS.This issue affects WPKoi Templates for Elementor: from n/a through <= 3.4.3.
CVE-2025-57998 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hamid Reza Yazdani E-namad &amp; Shamed Logo Manager e-namad-shamed-logo-manager allows Stored XSS.This issue affects E-namad &amp; Shamed Logo Manager: from n/a through <= 2.2.
CVE-2025-57997 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Trustpilot Trustpilot Reviews trustpilot-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trustpilot Reviews: from n/a through <= 2.5.925.
CVE-2025-57996 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets buckets allows Stored XSS.This issue affects Buckets: from n/a through <= 0.3.9.
CVE-2025-57995 2 Detheme, Wordpress 2 Dethemekit For Elementor, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DethemeKit For Elementor: from n/a through <= 2.1.10.
CVE-2025-57994 1 Wordpress 1 Wordpress 2026-04-01 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcoming Events Lists: from n/a through <= 1.4.0.
CVE-2025-57993 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Pick Geolocation IP Detection geoip-detect allows Stored XSS.This issue affects Geolocation IP Detection: from n/a through <= 5.5.0.
CVE-2025-57992 2 Interserver, Wordpress 2 Mail Baby Smtp, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP mail-baby-smtp allows Cross Site Request Forgery.This issue affects Mail Baby SMTP: from n/a through <= 2.8.
CVE-2025-57991 2 Clariti, Wordpress 2 Clariti, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clariti: from n/a through <= 1.2.1.
CVE-2025-57990 2 Solwininfotech, Wordpress 2 Blog Designer, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8.