Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (72355 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68583 1 Wordpress 1 Wordpress 2026-01-20 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10.
CVE-2025-68582 2 Funnelforms, Wordpress 3 Funnelforms, Funnelforms Free, Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8.
CVE-2025-68581 1 Wordpress 1 Wordpress 2026-01-20 8.1 High
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.11.
CVE-2025-68580 2 Pluginsware, Wordpress 2 Advanced Classifieds & Directory Pro, Wordpress 2026-01-20 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9.
CVE-2025-68579 1 Wordpress 1 Wordpress 2026-01-20 8.1 High
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.
CVE-2025-68578 1 Wordpress 1 Wordpress 2026-01-20 8.1 High
Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.
CVE-2025-68577 1 Wordpress 1 Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.
CVE-2025-68576 1 Wordpress 1 Wordpress 2026-01-20 7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.
CVE-2025-68575 1 Wordpress 1 Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through <=2.7.2.
CVE-2025-68573 1 Wordpress 1 Wordpress 2026-01-20 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5.
CVE-2025-68572 2 Spider-themes, Wordpress 2 Bbp Core, Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through <= 1.4.1.
CVE-2025-68571 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0.
CVE-2025-68569 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.38.
CVE-2025-68568 2 Popup Builder, Wordpress 2 Popup Builder, Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture &amp; Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture &amp; Lead Generation forms maker: from n/a through <= 1.0.5.
CVE-2025-68567 2 Wordpress, Wphocus 2 Wordpress, My Auctions Allegro 2026-01-20 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.32.
CVE-2025-68561 2 Automatorwp, Wordpress 2 Automatorwp, Wordpress 2026-01-20 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows SQL Injection.This issue affects AutomatorWP: from n/a through 5.2.4.
CVE-2025-68560 3 Codexthemes, Elementor, Wordpress 3 Thegem, Elementor, Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1.
CVE-2025-68550 2 Villatheme, Wordpress 2 Wpbulky, Wordpress 2026-01-20 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky allows Blind SQL Injection.This issue affects WPBulky: from n/a through 1.1.13.
CVE-2025-68547 1 Wordpress 1 Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in WPweb Follow My Blog Post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through 2.4.0.
CVE-2025-68546 1 Wordpress 1 Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through 1.2.14.