Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11897 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22515 2 Ancorathemes, Wordpress 2 Vegadays, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0.
CVE-2026-24993 2 Wordpress, Wpfactory 2 Wordpress, Advanced Woocommerce Product Sales Reporting 2026-04-24 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3.
CVE-2026-24971 2 Elated-themes, Wordpress 2 Search And Go Theme, Wordpress 2026-04-24 9.8 Critical
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.
CVE-2026-24975 2 Nootheme, Wordpress 2 Organici Library, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici Library: from n/a through <= 2.1.2.
CVE-2026-25030 2 Park Of Ideas, Wordpress 2 Goldish, Wordpress 2026-04-24 9.8 Critical
Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through < 3.47.
CVE-2026-25341 2 Rsjoomla, Wordpress 2 Rsfirewall!, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.
CVE-2026-24981 2 Nootheme, Wordpress 2 Visionary Core, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-25360 2 Rascals, Wordpress 2 Vex, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9.
CVE-2026-23977 2 Wordpress, Wpfactory 2 Wordpress, Helpdesk Support Ticket System For Woocommerce 2026-04-24 7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-22516 2 Ancorathemes, Wordpress 2 Wizor's, Wordpress 2026-04-24 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12.
CVE-2026-23807 2 Wordpress, Wpsocio 2 Wordpress, Wp Telegram Widget And Join Link 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.13.
CVE-2026-25356 2 Skygroup, Wordpress 2 Yobazar, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7.
CVE-2026-23806 2 Blueglass Interactive Ag, Wordpress 2 Jobs For Wordpress, Wordpress 2026-04-24 7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-24974 2 Nootheme, Wordpress 2 Citilights, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.
CVE-2026-25361 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through <= 5.1.4.
CVE-2026-25359 2 Rascals, Wordpress 2 Pendulum, Wordpress 2026-04-24 8.8 High
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.
CVE-2026-25009 2 Rarathemes, Wordpress 2 Education Zone, Wordpress 2026-04-24 6.5 Medium
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8.
CVE-2026-24989 2 Fantasticplugins, Wordpress 2 Sumo Affiliates Pro, Wordpress 2026-04-24 9.8 Critical
Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection.This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0.
CVE-2026-24973 2 Nootheme, Wordpress 2 Citilights, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through <= 3.7.1.
CVE-2025-6229 2 Shaosina, Wordpress 2 Sina Extension For Elementor, Wordpress 2026-04-24 6.4 Medium
The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Fancy Text Widget` And `Countdown Widget` DOM attributes in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.