Search

Expected end of text, found '.' (at char 49), (line:1, col:50)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-60040 2 Fkrauthan, Wordpress 2 Wp-mpdf, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fkrauthan wp-mpdf wp-mpdf allows Stored XSS.This issue affects wp-mpdf: from n/a through <= 3.9.1.
CVE-2025-59592 3 Elementor, Fernando Acosta, Wordpress 3 Elementor, Make Column Clickable Elementor, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor make-column-clickable-elementor allows Stored XSS.This issue affects Make Column Clickable Elementor: from n/a through <= 1.6.0.
CVE-2025-59591 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.33.
CVE-2025-59590 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through <= 3.28.
CVE-2025-59589 2 Pencidesign, Wordpress 2 Soledad, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.6.8.
CVE-2025-59588 2 Pencidesign, Wordpress 2 Soledad, Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.6.8.
CVE-2025-59587 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through < 6.1.
CVE-2025-59586 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Portfolio penci-portfolio allows DOM-Based XSS.This issue affects Penci Portfolio: from n/a through <= 3.5.
CVE-2025-59585 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through <= 4.0.
CVE-2025-59584 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through <= 1.6.
CVE-2025-59583 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows DOM-Based XSS.This issue affects Penci Filter Everything: from n/a through < 1.7.
CVE-2025-59582 1 Wordpress 1 Wordpress 2026-04-01 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Retrieve Embedded Sensitive Data.This issue affects Ajax Load More: from n/a through <= 7.6.0.2.
CVE-2025-59581 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3.
CVE-2025-59577 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2026-04-01 N/A
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
CVE-2025-59576 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
CVE-2025-59574 2 Wordpress, Wptravelengine 2 Wordpress, Wp Travel Engine 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel Engine WP Travel Engine wte-elementor-widgets allows Stored XSS.This issue affects WP Travel Engine: from n/a through <= 1.4.2.
CVE-2025-59573 2 Cozythemes, Wordpress 2 Cozy Blocks, Wordpress 2026-04-01 N/A
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CozyThemes Cozy Blocks cozy-addons allows Code Injection.This issue affects Cozy Blocks: from n/a through <= 2.1.29.
CVE-2025-59572 2 Purethemes, Wordpress 2 Workscout Core, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through < 1.7.06.
CVE-2025-59570 2 Wordpress, Wpfunnels 2 Wordpress, Mail Mint Plugin 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through <= 1.18.6.
CVE-2025-59569 2 Cubewp, Wordpress 2 Cubewp, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a through <= 1.1.26.