Search

Expected end of text, found '\' (at char 28), (line:1, col:29)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341810 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-67990 2 Realmag777, Wordpress 2 Gmap Targeting, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through <= 1.1.7.
CVE-2025-67989 1 Wordpress 1 Wordpress 2026-04-01 5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3.
CVE-2025-67988 2 Loftocean, Wordpress 2 Cozystay, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1.
CVE-2025-67987 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-04-01 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.
CVE-2025-67986 1 Wordpress 1 Wordpress 2026-04-01 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through <= 1.1.7.
CVE-2025-67985 1 Wordpress 1 Wordpress 2026-04-01 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through <= 1.1.7.
CVE-2025-67984 2 Calliko, Wordpress 2 Nps Computy, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through <= 2.8.2.
CVE-2025-67983 2 Osama.esh, Wordpress 2 Wp Visitor Statistics (real Time Traffic), Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.3.
CVE-2025-67982 2 Thembay, Wordpress 2 Urna, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.
CVE-2025-67981 2 Thembay, Wordpress 2 Besa, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.
CVE-2025-67980 2 Thembay, Wordpress 2 Hara, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17.
CVE-2025-67979 2 Westerndeal, Wordpress 2 Wpforms Google Sheet Connector, Wordpress 2026-04-01 9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.1.
CVE-2025-67978 2 Fixbd, Wordpress 2 Educare, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.
CVE-2025-67977 2 Villatheme, Wordpress 2 Happy, Wordpress 2026-04-01 8.2 High
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8.
CVE-2025-67976 1 Wordpress 1 Wordpress 2026-04-01 6.5 Medium
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.
CVE-2025-67975 2 Adirectory, Wordpress 2 Adirectory, Wordpress 2026-04-01 6.5 Medium
Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3.
CVE-2025-67974 2 Wordpress, Wplegalpages 2 Wordpress, Wp Legal Pages 2026-04-01 7.5 High
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4.
CVE-2025-67973 2 Sunshinephotocart, Wordpress 2 Sunshine Photo Cart, Wordpress 2026-04-01 6.5 Medium
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.6.2.
CVE-2025-67972 2 Fox-themes, Wordpress 2 Prague, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Prague prague-plugins allows Reflected XSS.This issue affects Prague: from n/a through <= 2.2.8.
CVE-2025-67971 2 Wordpress, Wpmanageninja 2 Wordpress, Fluentcart 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0.