Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11417 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-30919 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget store-locator-widget allows Stored XSS.This issue affects Store Locator Widget: from n/a through <= 2025r2.
CVE-2025-30918 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS.This issue affects Structured Content: from n/a through <= 1.6.3.
CVE-2025-30914 1 Wordpress 1 Wordpress 2026-04-01 N/A
Server-Side Request Forgery (SSRF) vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through <= 3.9.2.
CVE-2025-30913 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from n/a through <= 1.5.19.
CVE-2025-30911 2 Rometheme, Wordpress 2 Romethemekit For Elementor, Wordpress 2026-04-01 N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4.
CVE-2025-30909 2 Conversios, Wordpress 2 Conversios.io, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.3.
CVE-2025-30905 2 Ays-pro, Wordpress 2 Secure Copy Content Protection And Content Locking, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.4.3.
CVE-2025-30904 2 Ays-pro, Wordpress 2 Chartify, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <= 3.1.7.
CVE-2025-30901 2 Joomsky, Wordpress 2 Js Help Desk, Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30899 2 Wordpress, Wpeverest 3 Wordpress, User Registration, User Registration \& Membership 2026-04-01 4.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3.
CVE-2025-30895 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently: from n/a through <= 4.2.9.
CVE-2025-30894 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.79.262.
CVE-2025-30887 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9.
CVE-2025-30882 2 Joomsky, Wordpress 2 Js Help Desk, Wordpress 2026-04-01 N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1.
CVE-2025-30881 2 Themehunk, Wordpress 2 Big Store, Wordpress 2026-04-01 5.4 Medium
Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through <= 2.0.8.
CVE-2025-30880 2 Joomsky, Wordpress 2 Js Help Desk, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30875 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS.This issue affects WP Weixin: from n/a through <= 1.3.16.
CVE-2025-30869 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall image-wall allows Reflected XSS.This issue affects Image Wall: from n/a through <= 3.0.
CVE-2025-30866 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through <= 1.2.15.
CVE-2025-30865 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite 3dprint-lite allows Cross Site Request Forgery.This issue affects 3DPrint Lite: from n/a through <= 2.1.3.5.