Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11529 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-31906 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare wp-profitshare allows Stored XSS.This issue affects WP Profitshare: from n/a through <= 1.4.9.
CVE-2025-31905 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O'Donnell Team Rosters team-rosters allows Reflected XSS.This issue affects Team Rosters: from n/a through <= 4.7.
CVE-2025-31903 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows Reflected XSS.This issue affects XV Random Quotes: from n/a through <= 2.0.0.
CVE-2025-31902 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows Reflected XSS.This issue affects Social Share And Social Locker: from n/a through <= 1.4.1.
CVE-2025-31900 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata lexicata allows Reflected XSS.This issue affects Lexicata: from n/a through <= 1.0.16.
CVE-2025-31899 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through <= 1.2.
CVE-2025-31898 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dustinscarberry MediaView mediaview allows Reflected XSS.This issue affects MediaView: from n/a through <= 1.1.2.
CVE-2025-31895 2 Paulrosen, Wordpress 2 Abc Notation, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation abc-notation allows Stored XSS.This issue affects ABC Notation: from n/a through <= 6.1.3.
CVE-2025-31893 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS.This issue affects Botnet Attack Blocker: from n/a through <= 2.0.0.
CVE-2025-31892 2 Themeum, Wordpress 2 Wp Crowdfunding, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through <= 2.1.15.
CVE-2025-31891 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gosign Gosign – Posts Slider Block gosign-posts-slider-block allows Stored XSS.This issue affects Gosign – Posts Slider Block: from n/a through <= 1.1.0.
CVE-2025-31887 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media mybookprogress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyBookProgress by Stormhill Media: from n/a through <= 1.0.8.
CVE-2025-31885 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows DOM-Based XSS.This issue affects Hyperlink Group Block: from n/a through <= 2.0.1.
CVE-2025-31881 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Stylemix Pearl pearl-header-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pearl: from n/a through <= 1.3.9.
CVE-2025-31880 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl pearl-header-builder allows Cross Site Request Forgery.This issue affects Pearl: from n/a through <= 1.3.9.
CVE-2025-31878 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.
CVE-2025-31877 2 Magnigenie, Wordpress 2 Restropress, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.8.
CVE-2025-31876 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in gunnarpayday Payday payday allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payday: from n/a through <= 3.3.18.
CVE-2025-31874 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay WebberZone Snippetz add-to-all allows Stored XSS.This issue affects WebberZone Snippetz: from n/a through <= 2.1.1.
CVE-2025-31873 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sheetdb SheetDB sheetdb allows Stored XSS.This issue affects SheetDB: from n/a through <= 1.3.4.