Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11409 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-54708 2 Bplugins, Wordpress 2 B Blocks, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS.This issue affects B Blocks: from n/a through <= 2.0.5.
CVE-2025-54707 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection.This issue affects MDTF: from n/a through <= 1.3.3.7.
CVE-2025-54706 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through <= 1.2.52.
CVE-2025-54705 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.4.6.
CVE-2025-54704 3 Elementor, Hashthemes, Wordpress 3 Elementor, Easy Elementor Addons, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through <= 2.2.6.
CVE-2025-54703 2 Prince, Wordpress 2 Integrate Google Drive, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery.This issue affects Integrate Google Drive: from n/a through <= 1.5.2.
CVE-2025-54702 2 Motovnet, Wordpress 2 Ebook Store, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery.This issue affects Ebook Store: from n/a through <= 5.8013.
CVE-2025-54701 2 Thememove, Wordpress 2 Unicamp, Wordpress 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3.
CVE-2025-54700 2 Thememove, Wordpress 2 Makeaholic, Wordpress 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4.
CVE-2025-54699 2 Masteriyo, Wordpress 2 Masteriyo, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriyo - LMS: from n/a through <= 1.18.3.
CVE-2025-54698 2 Radiustheme, Wordpress 2 Classified Listing, Wordpress 2026-04-01 N/A
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection.This issue affects Classified Listing: from n/a through <= 5.0.0.
CVE-2025-54697 2 Kadencewp, Wordpress 2 Kadence Woocommerce Email Designer, Wordpress 2026-04-01 N/A
Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16.
CVE-2025-54696 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels allows Stored XSS.This issue affects WPFunnels: from n/a through <= 3.5.26.
CVE-2025-54695 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through <= 2.9.0.
CVE-2025-54694 2 Bplugins, Wordpress 2 Button Block, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through <= 1.2.0.
CVE-2025-54693 2 Epiph, Wordpress 2 Form Block, Wordpress 2026-04-01 N/A
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server.This issue affects Form Block: from n/a through <= 1.5.5.
CVE-2025-54692 2 Wordpress, Wpswings 2 Wordpress, Membership For Woocommerce 2026-04-01 N/A
Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a through <= 2.9.0.
CVE-2025-54691 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-04-01 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through <= 1.4.80.
CVE-2025-54690 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio xinterio allows PHP Local File Inclusion.This issue affects Xinterio: from n/a through <= 4.2.
CVE-2025-54689 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.7.