Search

Expected end of text, found '/' (at char 34), (line:1, col:35)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346313 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68606 2 Wordpress, Wpxpo 2 Wordpress, Postx 2026-04-23 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.
CVE-2025-68605 2 Pickplugins, Wordpress 2 Post Grid, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.23.
CVE-2025-68603 2 Marketing Fire, Wordpress 2 Editorial Calendar, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.
CVE-2025-68602 2 Scott Paterson, Wordpress 2 Accept Donations With Paypal, Wordpress 2026-04-23 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal & Stripe: from n/a through <= 1.5.2.
CVE-2025-68601 2 Rustaurius, Wordpress 2 Five Star Restaurant Reservations, Wordpress 2026-04-23 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.8.
CVE-2025-68600 2 Wordpress, Ylefebvre 2 Wordpress, Link Library 2026-04-23 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.7.
CVE-2025-68599 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.4.
CVE-2025-68598 2 Livecomposer, Wordpress 2 Page Builder: Live Composer, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.1.13.
CVE-2025-68597 2 Blueglass, Wordpress 2 Jobs For Wordpress, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through <= 2.8.1.
CVE-2025-68596 2 Bitapps, Wordpress 2 Bit Assist, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
CVE-2025-68595 2 Trustindex, Wordpress 2 Widgets For Social Photo Feed, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
CVE-2025-68594 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.0.
CVE-2025-68593 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
CVE-2025-68592 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
CVE-2025-68591 2 Mitchell Bennis, Wordpress 2 Simple File List, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.
CVE-2025-68590 2 Crm Perks, Wordpress 2 Integration For Contact Form 7 Hubspot, Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2.
CVE-2024-2374 1 Wso2 10 Api Manager, Identity Server, Identity Server As Key Manager and 7 more 2026-04-23 7.5 High
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.
CVE-2025-68589 2 Wordpress, Wpsocio 2 Wordpress, Wp Telegram Widget And Join Link 2026-04-23 5.3 Medium
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12.
CVE-2025-68588 2 Total-soft, Wordpress 2 Ts Poll, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2025-68587 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.