Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (75095 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-25418 2 Bitpressadmin, Wordpress 2 Bit Form, Wordpress 2026-04-01 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
CVE-2026-24572 1 Wordpress 1 Wordpress 2026-04-01 8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.2.0.
CVE-2026-24538 2 Omnipressteam, Wordpress 2 Omnipress, Wordpress 2026-04-01 7.6 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue affects Omnipress: from n/a through <= 1.6.7.
CVE-2026-24524 1 Wordpress 1 Wordpress 2026-04-01 8.1 High
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.6.
CVE-2026-22479 2 Themeruby, Wordpress 2 Easy Post Submission, Wordpress 2026-04-01 7.5 High
Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Post Submission: from n/a through <= 2.4.0.
CVE-2026-22460 2 Wordpress, Wpwax 2 Wordpress, Formgent 2026-04-01 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.5.6.
CVE-2026-22416 2 Ancorathemes, Wordpress 2 Fixteam, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion.This issue affects FixTeam: from n/a through <= 1.5.0.
CVE-2026-22357 2 Spencer Haws, Wordpress 2 Link Whisper Free, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through <= 0.9.2.
CVE-2025-69394 2 Cnvrse, Wordpress 2 Cnvrse, Wordpress 2026-04-01 7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through < 026.02.10.20.
CVE-2025-68989 2 Renzojohnson, Wordpress 2 Contact Form 7 Extension For Mailchimp, Wordpress 2026-04-01 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68.
CVE-2025-68988 2 O2oe, Wordpress 2 E-invoice App Malaysia, Wordpress 2026-04-01 7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.3.0.
CVE-2025-68887 2 Cmsjunkie, Wordpress 2 J-businessdirectory, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 4.0.1.
CVE-2025-68882 1 Wordpress 1 Wordpress 2026-04-01 7.5 High
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.5.
CVE-2025-68852 2 Webmuehle, Wordpress 2 Court Reservation, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.11.
CVE-2025-68601 2 Rustaurius, Wordpress 2 Five Star Restaurant Reservations, Wordpress 2026-04-01 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8.
CVE-2025-68595 2 Trustindex, Wordpress 2 Widgets For Social Photo Feed, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
CVE-2025-68594 1 Wordpress 1 Wordpress 2026-04-01 8.1 High
Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.0.
CVE-2025-68591 2 Mitchell Bennis, Wordpress 2 Simple File List, Wordpress 2026-04-01 8.1 High
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.
CVE-2025-68589 2 Wordpress, Wpsocio 2 Wordpress, Wp Telegram Widget And Join Link 2026-04-01 8.1 High
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12.
CVE-2025-68588 2 Total-soft, Wordpress 2 Ts Poll, Wordpress 2026-04-01 8.1 High
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5.