Hearsay\ CVEs and Security Vulnerabilities

Export limit exceeded: 346208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found ':' (at char 26), (line:1, col:27)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346208 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66063	2 Jgwhite33, Wordpress	2 Wp Google Review Slider, Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4.
CVE-2025-66062	1 Wordpress	1 Wordpress	2026-04-23	3.4 Low
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28.
CVE-2025-66061	3 Castos, Craig Hewitt, Wordpress	3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66060	3 Castos, Craig Hewitt, Wordpress	3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66059	3 Castos, Craig Hewitt, Wordpress	3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress	2026-04-23	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66058	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
CVE-2025-66057	2 Bold-themes, Wordpress	2 Bold Page Builder, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2.
CVE-2025-66054	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2026-04-23	7.5 High
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
CVE-2025-64639	3 Mainwp, Wordpress, Wp Compress	3 Mainwp, Wordpress, For Mainwp	2026-04-23	5.3 Medium
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.17.
CVE-2025-64638	3 Onpay.io, Woocommerce, Wordpress	3 For Woocommerce, Woocommerce, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.
CVE-2025-64635	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
CVE-2025-64634	2 Theme-fusion, Wordpress	2 Avada, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2.
CVE-2025-64632	2 Auctollo, Wordpress	2 Google-sitemap-generator, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.22.
CVE-2025-64631	2 Wclovers, Wordpress	2 Wcfm Marketplace, Wordpress	2026-04-23	4.9 Medium
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.7.1.
CVE-2025-64630	2 Strategy11, Wordpress	2 Business Directory Plugin, Wordpress	2026-04-23	4.9 Medium
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19.
CVE-2025-64384	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
CVE-2025-64378	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10.
CVE-2025-64375	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.
CVE-2025-64373	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through < 3.2.6.
CVE-2025-64372	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.6.

« first previous Page 43 of 17311. next last »