CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45639 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58808	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Babar prettyPhoto prettyphoto allows Stored XSS.This issue affects prettyPhoto: from n/a through <= 1.2.5.
CVE-2025-58805			2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
CVE-2025-58796			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dudaster Elementor Element Condition ele-conditions allows Stored XSS.This issue affects Elementor Element Condition: from n/a through <= 1.0.5.
CVE-2025-58793	2 Wordpress, Wpbean	2 Wordpress, Wpb Elementor Addons	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Elementor Addons wpb-elementor-addons allows Stored XSS.This issue affects WPB Elementor Addons: from n/a through <= 1.7.
CVE-2025-58791	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arjan Olsder SEO Auto Linker wpa-seo-auto-linker allows Stored XSS.This issue affects SEO Auto Linker: from n/a through <= 1.5.3.
CVE-2025-58790			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Kiwi kiwi-social-share allows Stored XSS.This issue affects Kiwi: from n/a through <= 2.1.8.
CVE-2025-58787	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Popup themify-popup allows Stored XSS.This issue affects Themify Popup: from n/a through <= 1.4.2.
CVE-2025-58786			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons ibtana-ecommerce-product-addons allows DOM-Based XSS.This issue affects Ibtana – Ecommerce Product Addons: from n/a through <= 0.4.7.6.
CVE-2025-58784	2 Ari-soft, Wordpress	2 Ari Fancy Lightbox, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox ari-fancy-lightbox allows Stored XSS.This issue affects ARI Fancy Lightbox: from n/a through <= 1.4.0.
CVE-2025-58704	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts wp-delete-user-accounts allows Stored XSS.This issue affects WP Delete User Accounts: from n/a through <= 1.2.4.
CVE-2025-58703	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skyword Skyword API Plugin skyword-plugin allows Stored XSS.This issue affects Skyword API Plugin: from n/a through <= 2.5.3.
CVE-2025-58702	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebWizards MarketKing marketking-multivendor-marketplace-for-woocommerce allows Stored XSS.This issue affects MarketKing: from n/a through <= 2.0.92.
CVE-2025-58691	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Genesis Club Lite genesis-club-lite allows Stored XSS.This issue affects Genesis Club Lite: from n/a through <= 1.17.
CVE-2025-58684	2 Themepoints, Wordpress	2 Logo Showcase, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Logo Showcase logo-showcase allows Stored XSS.This issue affects Logo Showcase: from n/a through <= 4.0.1.
CVE-2025-58683	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luke Mlsna Last Updated Shortcode last-updated-shortcode allows Stored XSS.This issue affects Last Updated Shortcode: from n/a through <= 1.0.1.
CVE-2025-58682	2 Wordpress, Wp-kama	2 Wordpress, Kama Click Counter	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter kama-clic-counter allows Stored XSS.This issue affects Kama Click Counter: from n/a through <= 4.0.4.
CVE-2025-58671	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed auction-feed allows Stored XSS.This issue affects Auction Feed: from n/a through <= 1.1.4.
CVE-2025-58669	3 Magento, Modern Minds, Wordpress	3 Magento, Magento 2 Wordpress Integration, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration m2wp allows Stored XSS.This issue affects Magento 2 WordPress Integration: from n/a through <= 1.4.2.1.
CVE-2025-58665	2 Tmontg1, Wordpress	2 Form Generator, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS.This issue affects Form Generator for WordPress: from n/a through <= 1.52.
CVE-2025-58661	2 Ezee Technosys, Wordpress	2 Ezee Online Hotel Booking Engine, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eZee Technosys eZee Online Hotel Booking Engine online-booking-engine allows Stored XSS.This issue affects eZee Online Hotel Booking Engine: from n/a through <= 1.0.0.

« first previous Page 85 of 2282. next last »