Search

Expected end of text, found ':' (at char 27), (line:1, col:28)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341836 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-57998 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hamid Reza Yazdani E-namad &amp; Shamed Logo Manager e-namad-shamed-logo-manager allows Stored XSS.This issue affects E-namad &amp; Shamed Logo Manager: from n/a through <= 2.2.
CVE-2025-57997 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Trustpilot Trustpilot Reviews trustpilot-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trustpilot Reviews: from n/a through <= 2.5.925.
CVE-2025-57996 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets buckets allows Stored XSS.This issue affects Buckets: from n/a through <= 0.3.9.
CVE-2025-57995 2 Detheme, Wordpress 2 Dethemekit For Elementor, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DethemeKit For Elementor: from n/a through <= 2.1.10.
CVE-2025-57994 1 Wordpress 1 Wordpress 2026-04-01 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcoming Events Lists: from n/a through <= 1.4.0.
CVE-2025-57993 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Pick Geolocation IP Detection geoip-detect allows Stored XSS.This issue affects Geolocation IP Detection: from n/a through <= 5.5.0.
CVE-2025-57992 2 Interserver, Wordpress 2 Mail Baby Smtp, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP mail-baby-smtp allows Cross Site Request Forgery.This issue affects Mail Baby SMTP: from n/a through <= 2.8.
CVE-2025-57991 2 Clariti, Wordpress 2 Clariti, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clariti: from n/a through <= 1.2.1.
CVE-2025-57990 2 Solwininfotech, Wordpress 2 Blog Designer, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8.
CVE-2025-57989 2 Brajesh Singh, Wordpress 2 Wordpress Widgets Shortcode, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through <= 1.0.3.
CVE-2025-57988 2 Uncannyowl, Wordpress 2 Uncanny Toolkit For Learndash, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through <= 3.7.0.3.
CVE-2025-57987 2 Thimpress, Wordpress 2 Wp Events Manager, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through <= 2.2.1.
CVE-2025-57986 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP Subtitle wp-subtitle allows Stored XSS.This issue affects WP Subtitle: from n/a through <= 3.4.1.
CVE-2025-57985 2 Mantrabrain, Wordpress 2 Ultimate Watermark, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in MantraBrain Ultimate Watermark ultimate-watermark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Watermark: from n/a through <= 1.1.
CVE-2025-57984 2 Makestories, Wordpress 2 Makestories (for Google Web Stories), Wordpress 2026-04-01 N/A
Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) makestories-helper allows Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through <= 3.0.4.
CVE-2025-57983 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Damian BP Disable Activation Reloaded bp-disable-activation-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Disable Activation Reloaded: from n/a through <= 1.2.1.
CVE-2025-57982 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean Advance Portfolio Grid advance-portfolio-grid allows Stored XSS.This issue affects Advance Portfolio Grid: from n/a through <= 1.07.6.
CVE-2025-57981 2 Catchsquare, Wordpress 2 Wp Social Widget, Wordpress 2026-04-01 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.3.1.
CVE-2025-57980 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit safety-exit allows Stored XSS.This issue affects Safety Exit: from n/a through <= 1.8.0.
CVE-2025-57979 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson AuthorSure authorsure allows Stored XSS.This issue affects AuthorSure: from n/a through <= 2.3.