Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 346267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found ':' (at char 27), (line:1, col:28)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346267 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-53455 3 Cashbill, Woocommerce, Wordpress 3 Cashbill Woocommerce, Woocommerce, Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl &#8211; Płatności WooCommerce cashbill-payment-method allows Stored XSS.This issue affects CashBill.pl &#8211; Płatności WooCommerce: from n/a through <= 3.2.1.
CVE-2025-53454 2 Rustaurius, Wordpress 2 Ultimate Wp Mail, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Stored XSS.This issue affects Ultimate WP Mail: from n/a through <= 1.3.8.
CVE-2025-53453 2 Axiomthemes, Wordpress 2 Hygia, Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16.
CVE-2025-53452 2 Barry, Wordpress 2 Event Rocket, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Barry Event Rocket event-rocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Rocket: from n/a through <= 3.3.
CVE-2025-53451 2 Mihdan, Wordpress 2 No External Links Project, Wordpress 2026-04-23 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through <= 5.1.6.2.
CVE-2025-53450 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP easy-pricing-table-wp allows PHP Local File Inclusion.This issue affects Easy Pricing Table WP: from n/a through <= 1.1.3.
CVE-2025-53444 2 Deluxethemes, Wordpress 2 Userpro, Wordpress 2026-04-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through < 5.1.11.
CVE-2025-53426 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Likert Survey Master likert-survey-master allows Reflected XSS.This issue affects Likert Survey Master: from n/a through <= 0.8.0.1.
CVE-2025-53425 2 Dokan, Wordpress 2 Dokan, Wordpress 2026-04-23 7.2 High
Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.3.
CVE-2025-53424 3 Vanquish, Woocommerce, Wordpress 3 Woocommerce Orders Customers Exporter, Woocommerce, Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
CVE-2025-53421 2 Pickplugins, Wordpress 2 Accordion, Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
CVE-2025-53349 2 Laborator, Wordpress 2 Kalium, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laborator Kalium kalium allows Reflected XSS.This issue affects Kalium: from n/a through <= 3.18.3.
CVE-2025-53347 2 Laborator, Wordpress 2 Kalium, Wordpress 2026-04-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.
CVE-2025-53344 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core thim-core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through <= 2.3.3.
CVE-2025-53343 2 Goodlayers, Wordpress 2 Modernize, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modernize: from n/a through <= 3.4.0.
CVE-2025-53342 2 Goodlayers, Wordpress 2 Modernize, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize modernize allows Stored XSS.This issue affects Modernize: from n/a through <= 3.4.0.
CVE-2025-53341 2 Themovation, Wordpress 2 Stratus, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App, SaaS & Software Startup Tech Theme - Stratus: from n/a through <= 4.2.5.
CVE-2025-53340 2 Getawesomesupport, Wordpress 2 Awesome Support, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Retrieve Embedded Sensitive Data.This issue affects Awesome Support: from n/a through <= 6.3.6.
CVE-2025-53339 2026-04-23 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows PHP Local File Inclusion.This issue affects Devnex Addons For Elementor: from n/a through <= 1.0.9.
CVE-2025-53338 2026-04-23 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in dor re.place replace allows Stored XSS.This issue affects re.place: from n/a through <= 0.2.1.