Search

Expected end of text, found ':' (at char 28), (line:1, col:29)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346605 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-63074 2 Dream-theme, Wordpress 2 The7, Wordpress 2026-04-24 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through < 12.8.1.1.
CVE-2025-63075 2 Muffingroup, Wordpress 2 Betheme, Wordpress 2026-04-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.2.
CVE-2025-63077 3 Elementor, Happymonster, Wordpress 3 Elementor, Happy Addons For Elementor, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3.
CVE-2025-66533 2 Stellarwp, Wordpress 2 Givewp, Wordpress 2026-04-24 6.5 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1.
CVE-2025-67467 2 Stellarwp, Wordpress 2 Givewp, Wordpress 2026-04-24 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.
CVE-2023-23729 2 Brainstormforce, Wordpress 2 Spectra, Wordpress 2026-04-24 5.4 Medium
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.3.0.
CVE-2025-54004 1 Wordpress 1 Wordpress 2026-04-24 2.7 Low
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
CVE-2025-54005 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9.
CVE-2025-54045 2 Cminds, Wordpress 2 Cm On Demand Search And Replace, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5.
CVE-2025-59001 2 Themenectar, Wordpress 2 Salient Core, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.
CVE-2025-59009 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5.
CVE-2025-64237 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.
CVE-2025-64238 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.
CVE-2025-64239 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery.This issue affects RTL Tester: from n/a through <= 1.2.
CVE-2025-64240 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross Site Request Forgery.This issue affects Freshchat: from n/a through <= 2.3.4.
CVE-2025-64241 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: from n/a through <= 3.2.4.
CVE-2025-64242 2 Merv Barrett, Wordpress 2 Easy Property Listings, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.22.
CVE-2025-64243 2 E-plugins, Wordpress 2 Directory Pro, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2025-64244 3 Codexpert, Elementor, Wordpress 3 Restrict Elementor Widgets Columns And Sections, Elementor, Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through <= 1.12.
CVE-2025-64245 1 Wordpress 1 Wordpress 2026-04-24 4.3 Medium
Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through <= 1.5.12.