Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58223 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor VoucherPress voucherpress allows Stored XSS.This issue affects VoucherPress: from n/a through <= 1.5.7.
CVE-2025-58229 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through <= 2.0.
CVE-2025-58235 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through <= 3.2.35.
CVE-2025-58237 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through <= 2.2.4.
CVE-2025-58239 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP Category Dropdown: from n/a through <= 1.9.
CVE-2025-58240 2 Wordpress, Xiligroup 2 Wordpress, Xili-tidy-tags 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Stored XSS.This issue affects xili-tidy-tags: from n/a through <= 1.12.06.
CVE-2025-58245 2 Bestweblayout, Wordpress 2 Portfolio, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio portfolio allows DOM-Based XSS.This issue affects Portfolio : from n/a through <= 2.58.
CVE-2025-58030 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Page-list page-list allows Stored XSS.This issue affects Page-list: from n/a through <= 5.8.
CVE-2025-58028 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aum Watcharapon Designil PDPA Thailand pdpa-thailand allows Stored XSS.This issue affects Designil PDPA Thailand: from n/a through <= 2.0.1.
CVE-2025-58027 2 Wordpress, Wpo-hr 2 Wordpress, Ngg Smart Image Search 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows Stored XSS.This issue affects NGG Smart Image Search: from n/a through <= 3.4.3.
CVE-2025-58026 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in termageddon Termageddon: Cookie Consent & Privacy Compliance termageddon-usercentrics allows Stored XSS.This issue affects Termageddon: Cookie Consent & Privacy Compliance: from n/a through <= 1.8.1.
CVE-2025-58020 2 Jeroen Schmit, Wordpress 2 Theater For Wordpress, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.18.8.
CVE-2025-58019 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Search Atlas Group Search Atlas SEO metasync allows Stored XSS.This issue affects Search Atlas SEO: from n/a through <= 2.5.4.
CVE-2025-57986 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP Subtitle wp-subtitle allows Stored XSS.This issue affects WP Subtitle: from n/a through <= 3.4.1.
CVE-2025-57979 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson AuthorSure authorsure allows Stored XSS.This issue affects AuthorSure: from n/a through <= 2.3.
CVE-2025-57974 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tuyennv TZ PlusGallery tz-plus-gallery allows Stored XSS.This issue affects TZ PlusGallery: from n/a through <= 1.5.5.
CVE-2025-57965 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3.
CVE-2025-57963 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through <= 4.1.
CVE-2025-57953 2 100plugins, Wordpress 2 Open User Map, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map open-user-map allows DOM-Based XSS.This issue affects Open User Map: from n/a through <= 1.4.14.
CVE-2025-57952 2 Icopydoc, Wordpress 2 Maps For Wp, Wordpress 2026-04-15 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a through <= 1.2.5.