Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44923 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58614 2 Tooltipy, Wordpress 2 Tooltipy, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through <= 5.5.6.
CVE-2025-58612 2 Propertyhive, Wordpress 2 Propertyhive, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.5.
CVE-2025-58610 2 Wordpress, Wpchill 2 Wordpress, Gallery Photoblocks 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows Stored XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.1.
CVE-2025-58609 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Stored XSS.This issue affects Latest Post Shortcode: from n/a through <= 14.0.3.
CVE-2025-58607 2 Gdprinfo, Wordpress 2 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice &amp; Consent Banner for GDPR &amp; CCPA Compliance cookie-notice-and-consent-banner allows Stored XSS.This issue affects Cookie Notice &amp; Consent Banner for GDPR &amp; CCPA Compliance: from n/a through <= 1.7.11.
CVE-2025-58605 2 Wordpress, Wpdelicious 2 Wordpress, Wp Delicious 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious delicious-recipes allows Stored XSS.This issue affects WP Delicious: from n/a through <= 1.8.7.
CVE-2025-58602 2 If-so, Wordpress 3 Dynamic Content Personalization, If-so, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through <= 1.9.4.
CVE-2025-58596 2 Mailoptin, Wordpress 2 Mailoptin, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin mailoptin allows Stored XSS.This issue affects MailOptin: from n/a through <= 1.2.75.0.
CVE-2025-58593 2 Themeisle, Wordpress 2 Orbit Fox, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 3.0.0.
CVE-2025-58271 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio anyclip-media allows Stored XSS.This issue affects AnyClip Luminous Studio: from n/a through <= 1.3.3.
CVE-2025-58269 2 Wedevs, Wordpress 2 Wp Project Manager, Wordpress 2026-04-01 N/A
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 2.6.25.
CVE-2025-58266 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through <= 6.0.0.
CVE-2025-58265 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager &#8211; OpenStreetMaps stonehenge-em-osm allows Stored XSS.This issue affects Events Manager &#8211; OpenStreetMaps: from n/a through <= 4.2.1.
CVE-2025-58264 2 Artbees, Wordpress 2 Jupiter X Core, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core jupiterx-core allows Stored XSS.This issue affects JupiterX Core: from n/a through <= 4.11.0.
CVE-2025-58263 2 Buddypress, Wordpress 2 Buddypress, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through <= 1.3.3.
CVE-2025-58260 2 Ronald Huereca, Wordpress 2 Highlight And Share, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Stored XSS.This issue affects Highlight and Share: from n/a through <= 5.1.1.
CVE-2025-58257 2 Picture-planet, Wordpress 2 Verowa Connect, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Stored XSS.This issue affects Verowa Connect: from n/a through <= 3.2.3.
CVE-2025-58256 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Brinley DOAJ Export doaj-export allows Stored XSS.This issue affects DOAJ Export: from n/a through <= 1.0.4.
CVE-2025-58254 3 Dtbaker, Elementor, Wordpress 3 Stylepress, Elementor, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dtbaker StylePress for Elementor full-site-builder-for-elementor allows Stored XSS.This issue affects StylePress for Elementor: from n/a through <= 1.2.1.
CVE-2025-58253 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows DOM-Based XSS.This issue affects Real Estate Manager: from n/a through <= 7.3.