Search

Expected end of text, found ':' (at char 27), (line:1, col:28)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346623 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-68594 1 Wordpress 1 Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.0.
CVE-2025-68595 2 Trustindex, Wordpress 2 Widgets For Social Photo Feed, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
CVE-2025-68596 2 Bitapps, Wordpress 2 Bit Assist, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
CVE-2025-68597 2 Blueglass, Wordpress 2 Jobs For Wordpress, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through <= 2.8.1.
CVE-2025-68598 2 Livecomposer, Wordpress 2 Page Builder: Live Composer, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.1.13.
CVE-2025-68599 1 Wordpress 1 Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.4.
CVE-2025-68600 2 Wordpress, Ylefebvre 2 Wordpress, Link Library 2026-04-24 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.7.
CVE-2025-68601 2 Rustaurius, Wordpress 2 Five Star Restaurant Reservations, Wordpress 2026-04-24 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8.
CVE-2025-68602 2 Scott Paterson, Wordpress 2 Accept Donations With Paypal, Wordpress 2026-04-24 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal & Stripe: from n/a through <= 1.5.2.
CVE-2025-68603 2 Marketing Fire, Wordpress 2 Editorial Calendar, Wordpress 2026-04-24 5.4 Medium
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.
CVE-2025-68605 2 Pickplugins, Wordpress 2 Post Grid, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
CVE-2025-68606 2 Wordpress, Wpxpo 2 Wordpress, Postx 2026-04-24 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.
CVE-2025-68974 2 Miniorange, Wordpress 3 Social Login, Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress 2026-04-24 6.6 Medium
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0.
CVE-2025-68975 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2025-68976 1 Wordpress 1 Wordpress 2026-04-24 5.4 Medium
Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2025-68977 2 Designthemes, Wordpress 2 Portfolio Addon, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.
CVE-2025-68978 2 Designthemes, Wordpress 2 Core, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6.
CVE-2025-68979 2 Simplecalendar, Wordpress 2 Google Calendar Events, Wordpress 2026-04-24 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through <= 3.5.9.
CVE-2025-68980 2 Designthemes, Wordpress 2 Wedesigntech-portfolio, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.
CVE-2025-68981 3 Designthemes, Elementor, Wordpress 3 Homefix Elementor Portfolio, Elementor, Wordpress 2026-04-24 5.3 Medium
Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.