Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8919 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49377 2 Themefic, Wordpress 2 Hydra Booking, Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9.
CVE-2025-49376 2 Delucks, Wordpress 2 Delucks Seo, Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.
CVE-2025-49356 3 Mykola Lukin, Woocommerce, Wordpress 3 Orders Chat For Woocommerce, Woocommerce, Wordpress 2026-01-20 4.3 Medium
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0.
CVE-2025-49350 2 Marcoingraiti, Wordpress 2 Actionwear Products Sync, Wordpress 2026-01-20 4.3 Medium
Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through <= 2.3.3.
CVE-2025-49349 2 Reuters News Agency, Wordpress 2 Reuters Direct, Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0.
CVE-2025-49348 2 Hype, Wordpress 2 Hype, Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hype: from n/a through <= 1.0.5.
CVE-2025-49339 1 Wordpress 1 Wordpress 2026-01-20 4.3 Medium
Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through 1.3.0.
CVE-2025-49338 1 Wordpress 1 Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through 1.1.5.
CVE-2025-49041 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.3.
CVE-2025-48096 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <= 1.4.0.
CVE-2025-46255 2 Marketing Fire, Wordpress 2 Loginwp, Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
CVE-2025-39561 2 Marketing Fire, Wordpress 2 Loginwp, Wordpress 2026-01-20 6.5 Medium
Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
CVE-2025-39465 2 Flippercode, Wordpress 2 Advanced Google Maps, Wordpress 2026-01-20 8.1 High
Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4.
CVE-2025-31046 2 Wordpress, Wpvibes 2 Wordpress, Anywhere Elementor 2026-01-20 4.3 Medium
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29.
CVE-2025-30944 1 Wordpress 1 Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through <= 1.1.23.
CVE-2025-22715 2 Loopus, Wordpress 2 Wp Attractive Donations System, Wordpress 2026-01-20 8.1 High
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
CVE-2025-14360 1 Wordpress 1 Wordpress 2026-01-20 9.8 Critical
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.15.
CVE-2025-14358 1 Wordpress 1 Wordpress 2026-01-20 9.8 Critical
Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5.
CVE-2024-24844 2 Ideabox, Wordpress 2 Powerpack Pro For Elementor, Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.
CVE-2026-1169 1 Birkir 1 Prime 2026-01-20 4.3 Medium
A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.