Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11448 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-31747 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a through <= 1.5.4.
CVE-2025-31745 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through <= 1.0.9.
CVE-2025-31744 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows Stored XSS.This issue affects Lightweight and Responsive Youtube Embed: from n/a through <= 1.0.0.
CVE-2025-31743 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows Stored XSS.This issue affects Lightweight and Responsive Youtube Embed: from n/a through <= 1.0.0.
CVE-2025-31742 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelDima Dima Take Action dima-take-action allows Stored XSS.This issue affects Dima Take Action: from n/a through <= 1.0.5.
CVE-2025-31741 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filtr8 Easy Magazine filtr8-magazine allows DOM-Based XSS.This issue affects Easy Magazine: from n/a through <= 2.1.13.
CVE-2025-31738 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yazamodeveloper LeadQuizzes leadquizzes allows Stored XSS.This issue affects LeadQuizzes: from n/a through <= 1.1.0.
CVE-2025-31737 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dxladner Client Showcase client-showcase allows Stored XSS.This issue affects Client Showcase: from n/a through <= 1.2.0.
CVE-2025-31736 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
CVE-2025-31733 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <= 1.0.0.
CVE-2025-31731 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip John Author Bio Shortcode author-bio-shortcode allows Stored XSS.This issue affects Author Bio Shortcode: from n/a through <= 2.5.3.
CVE-2025-31730 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons: from n/a through <= 1.0.1.
CVE-2025-31641 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider uber-classic allows SQL Injection.This issue affects UberSlider: from n/a through < 2.6.
CVE-2025-31637 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows SQL Injection.This issue affects SHOUT: from n/a through <= 3.5.3.
CVE-2025-31629 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript infusionsoft-web-form-javascript allows Stored XSS.This issue affects Infusionsoft Web Form JavaScript: from n/a through <= 1.1.1.
CVE-2025-31628 2 Slicedinvoices, Wordpress 2 Sliced Invoices, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in SlicedInvoices Sliced Invoices sliced-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliced Invoices: from n/a through <= 3.10.0.
CVE-2025-31626 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite ticket-help-desk-system-lite allows Reflected XSS.This issue affects Support Helpdesk Ticket System Lite: from n/a through <= 4.5.2.
CVE-2025-31625 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence useinfluence allows Stored XSS.This issue affects Useinfluence: from n/a through <= 1.0.8.
CVE-2025-31623 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
CVE-2025-31622 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Utkarsh Kukreti Advanced Typekit advanced-typekit allows Stored XSS.This issue affects Advanced Typekit: from n/a through <= 1.0.1.