CVEs and Security Vulnerabilities

Export limit exceeded: 45556 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45556 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58674	2 Automattic, Wordpress	2 Wordpress, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress WordPress wordpress allows Stored XSS.This issue affects WordPress: from n/a through <= 6.8.2.
CVE-2025-58671	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed auction-feed allows Stored XSS.This issue affects Auction Feed: from n/a through <= 1.1.4.
CVE-2025-58669	3 Magento, Modern Minds, Wordpress	3 Magento, Magento 2 Wordpress Integration, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration m2wp allows Stored XSS.This issue affects Magento 2 WordPress Integration: from n/a through <= 1.4.2.1.
CVE-2025-58665	2 Tmontg1, Wordpress	2 Form Generator, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS.This issue affects Form Generator for WordPress: from n/a through <= 1.52.
CVE-2025-58661	2 Ezee Technosys, Wordpress	2 Ezee Online Hotel Booking Engine, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eZee Technosys eZee Online Hotel Booking Engine online-booking-engine allows Stored XSS.This issue affects eZee Online Hotel Booking Engine: from n/a through <= 1.0.0.
CVE-2025-58659	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ helpie-faq allows Retrieve Embedded Sensitive Data.This issue affects Helpie FAQ: from n/a through <= 1.45.
CVE-2025-58658	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications proof-factor-social-proof-notifications allows Stored XSS.This issue affects Proof Factor – Social Proof Notifications: from n/a through <= 1.0.5.
CVE-2025-58656	3 Risto Niinemets, Woocommerce, Wordpress	3 Estonian Shipping Methods, Woocommerce, Wordpress	2026-04-23	5.3 Medium
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2.
CVE-2025-58655	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Category Featured Images category-featured-images allows Stored XSS.This issue affects Category Featured Images: from n/a through <= 1.1.8.
CVE-2025-58654	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows DOM-Based XSS.This issue affects xili-language: from n/a through <= 2.21.3.
CVE-2025-58653	2 Js Morisset, Wordpress	2 Jsm Shortcode, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JS Morisset JSM file_get_contents() Shortcode wp-file-get-contents allows Stored XSS.This issue affects JSM file_get_contents() Shortcode: from n/a through <= 2.7.1.
CVE-2025-58652	2 Themepoints, Wordpress	2 Carousel Ultimate, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate carousel allows Stored XSS.This issue affects Carousel Ultimate: from n/a through <= 1.8.
CVE-2025-58651	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS.This issue affects PlayerJS: from n/a through <= 2.24.
CVE-2025-58648	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS.This issue affects Simple JWT Login: from n/a through <= 3.6.4.
CVE-2025-58647	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will.I.am Simple Restaurant Menu simple-restaurant-menu allows Stored XSS.This issue affects Simple Restaurant Menu: from n/a through <= 1.2.
CVE-2025-58646	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chtombleson Mobi2Go mobi2go allows Stored XSS.This issue affects Mobi2Go: from n/a through <= 1.0.0.
CVE-2025-58645	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravitate Gravitate Automated Tester gravitate-automated-tester allows Stored XSS.This issue affects Gravitate Automated Tester: from n/a through <= 1.4.5.
CVE-2025-58640	2 Matrixaddons, Wordpress	2 Document Engine Plugin, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Document Engine document-engine allows Stored XSS.This issue affects Document Engine: from n/a through <= 1.2.
CVE-2025-58633	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through <= 1.1.21.
CVE-2025-58632	2 Dadevarzan, Wordpress	2 Wordpress Common Plugin, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common dadevarzan-common allows Stored XSS.This issue affects Dadevarzan WordPress Common: from n/a through <= 2.2.2.

« first previous Page 17 of 2278. next last »