\ CVEs and Security Vulnerabilities

Export limit exceeded: 346314 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found '\' (at char 29), (line:1, col:30)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346314 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62888	2 Marcomilesi, Wordpress	2 Wp Attachments, Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= 5.2.
CVE-2025-62887	3 Elementor, Kingaddons, Wordpress	3 Elementor, King Addons For Elementor, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS.This issue affects King Addons for Elementor: from n/a through <= 51.1.61.
CVE-2025-62886	2 Wordpress, Wpdevart	2 Wordpress, Pricing Table Builder	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through <= 1.5.3.
CVE-2025-62884	2 Relywp, Wordpress	2 Coupon Affiliates, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coupon Affiliates: from n/a through <= 7.2.0.
CVE-2025-62882	3 Castos, Craig Hewitt, Wordpress	3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-62881	2 Wordpress, Wplab	2 Wordpress, Wp-lister Lite For Ebay	2026-04-23	4.3 Medium
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.3.
CVE-2025-62880	2 Kunalnagar, Wordpress	2 Custom 404 Pro, Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through <= 3.12.0.
CVE-2025-62874	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through <= 0.3.6.
CVE-2025-62867	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a through <= 1.0.13.
CVE-2025-62762	2 Photoboxone, Wordpress	2 Smtp Mail, Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery.This issue affects SMTP Mail: from n/a through <= 1.3.51.
CVE-2025-62761	2 Basepress, Wordpress	2 Knowledge Base Documentation & Wiki Plugin, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress basepress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through <= 2.17.0.1.
CVE-2025-62760	2 Buddypress, Wordpress	2 Buddypress, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through <= 1.1.8.
CVE-2025-62759	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series series allows Stored XSS.This issue affects Series: from n/a through <= 2.0.1.
CVE-2025-62758	2 Funnelforms, Wordpress	2 Funnelforms Free, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through <= 3.8.
CVE-2025-62757	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design \| Oliver Juhas WebMan Amplifier webman-amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through <= 1.5.12.
CVE-2025-62756	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer the-moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through <= 10.0.9.
CVE-2025-62755	2 Gsplugins, Wordpress	2 Gs Portfolio For Envato, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2.
CVE-2025-62754	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0.
CVE-2025-62753	1 Wordpress	1 Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos masvideos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through <= 1.3.4.
CVE-2025-62752	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kalender.digital Kalender.digital kalender-digital allows DOM-Based XSS.This issue affects Kalender.digital: from n/a through <= 1.0.13.

« first previous Page 76 of 17316. next last »