Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11399 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58221 2 Ontraport, Wordpress 2 Pilotpress, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PilotPress: from n/a through <= 2.0.36.
CVE-2025-58220 2 Techeshta, Wordpress 2 Card Elements For Wpbakery, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Techeshta Card Elements for WPBakery card-elements-for-wpbakery allows DOM-Based XSS.This issue affects Card Elements for WPBakery: from n/a through <= 1.0.8.
CVE-2025-58219 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through <= 1.2.0.
CVE-2025-58216 2 Jgwhite33, Wordpress 2 Wp Thumbtack Review Slider, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider wp-thumbtack-review-slider allows Stored XSS.This issue affects WP Thumbtack Review Slider: from n/a through <= 2.6.
CVE-2025-58215 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston ziston allows PHP Local File Inclusion.This issue affects Ziston: from n/a through < 1.4.5.
CVE-2025-58214 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indutri: from n/a through < 1.3.0.
CVE-2025-58213 2 Ameliabooking, Wordpress 2 Booking System Trafft, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft booking-system-trafft allows Stored XSS.This issue affects Booking System Trafft: from n/a through <= 1.0.14.
CVE-2025-58212 2 Epeken, Wordpress 2 All Kurir, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir epeken-all-kurir allows DOM-Based XSS.This issue affects Epeken All Kurir: from n/a through <= 2.0.1.
CVE-2025-58211 2 Alexvtn, Wordpress 2 Chatbox Manager, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Stored XSS.This issue affects Chatbox Manager: from n/a through <= 1.2.6.
CVE-2025-58210 2 Thememove, Wordpress 2 Makeaholic, Wordpress 2026-04-01 9.8 Critical
Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5.
CVE-2025-58209 2 Rtcamp, Wordpress 2 Transcoder, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder transcoder allows Stored XSS.This issue affects Transcoder: from n/a through <= 1.4.0.
CVE-2025-58206 2 Thememove, Wordpress 2 Maxcoach, Wordpress 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5.
CVE-2025-58205 2 Elementinvader, Wordpress 2 Elementinvader Addons For Elementor, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.6.
CVE-2025-58203 2 Solacewp, Wordpress 2 Solace Extra, Wordpress 2026-04-01 N/A
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra solace-extra allows Server Side Request Forgery.This issue affects Solace Extra: from n/a through <= 1.3.2.
CVE-2025-58202 2 Pluginsandsnippets, Wordpress 2 Simple Page Access Restriction, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through <= 1.0.32.
CVE-2025-58201 2 Aftership & Automizely, Wordpress 2 Aftership Tracking, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in AfterShip &amp; Automizely AfterShip Tracking aftership-woocommerce-tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AfterShip Tracking: from n/a through <= 1.17.17.
CVE-2025-58200 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through <= 0.2.
CVE-2025-58199 2 Fastly, Wordpress 2 Fastly, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through <= 1.2.28.
CVE-2025-58198 2 Wordpress, Xpro 2 Wordpress, Theme Builder 2026-04-01 N/A
Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.9.
CVE-2025-58196 2 Uicore, Wordpress 2 Elements, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.4.