Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11905 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-66527 1 Wordpress 1 Wordpress 2026-04-01 4.3 Medium
Missing Authorization vulnerability in VanKarWai Lobo lobo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lobo: from n/a through <= 2.8.6.
CVE-2025-66526 2 Essekia, Wordpress 2 Tablesome Table, Wordpress 2026-04-01 4.3 Medium
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34.
CVE-2025-66525 2 Elasticemail, Wordpress 2 Elastic Email Sender, Wordpress 2026-04-01 4.3 Medium
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20.
CVE-2025-66143 1 Wordpress 1 Wordpress 2026-04-01 5.4 Medium
Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.
CVE-2025-66142 2 Merkulove, Wordpress 2 Comparimager For Elementor, Wordpress 2026-04-01 5.4 Medium
Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1.
CVE-2025-66141 1 Wordpress 1 Wordpress 2026-04-01 5.4 Medium
Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.
CVE-2025-66140 2 Merkulove, Wordpress 2 Uper For Elementor, Wordpress 2026-04-01 5.4 Medium
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
CVE-2025-66139 2 Merkulove, Wordpress 2 Audier For Elementor, Wordpress 2026-04-01 5.4 Medium
Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.
CVE-2025-66138 2 Merkulove, Wordpress 2 Motionger For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.
CVE-2025-66137 2 Merkulove, Wordpress 2 Searcher For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.
CVE-2025-66136 2 Merkulove, Wordpress 2 Carter For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.
CVE-2025-66135 2 Merkulove, Wordpress 2 Imager For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4.
CVE-2025-66061 3 Castos, Craig Hewitt, Wordpress 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress 2026-04-01 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66060 3 Castos, Craig Hewitt, Wordpress 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress 2026-04-01 5.3 Medium
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66059 3 Castos, Craig Hewitt, Wordpress 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress 2026-04-01 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-64384 1 Wordpress 1 Wordpress 2026-04-01 6.3 Medium
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
CVE-2025-64383 1 Wordpress 1 Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3.
CVE-2025-64382 2 Webtoffee, Wordpress 2 Order Export & Order Import For Woocommerce, Wordpress 2026-04-01 4.3 Medium
Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7.
CVE-2025-64381 2 Wordpress, Wpdevelop 2 Wordpress, Booking Calendar 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7.
CVE-2025-64380 3 Booster, Pluggabl, Wordpress 3 Booster For Woocommerce, Booster For Woocommerce, Wordpress 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.