Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45562 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25089 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appten Image Rotator appten-image-rotator allows Reflected XSS.This issue affects Image Rotator: from n/a through <= 2.0.
CVE-2025-25087 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim seekXL Snapr seekxl-snapr allows Reflected XSS.This issue affects seekXL Snapr: from n/a through <= 2.0.6.
CVE-2025-25085 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather wp-simpleweather allows Stored XSS.This issue affects WP SimpleWeather: from n/a through <= 0.2.5.
CVE-2025-25083 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dave Lavoie EP4 More Embeds ep4-more-embeds allows Stored XSS.This issue affects EP4 More Embeds: from n/a through <= 1.0.0.
CVE-2025-25082 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search flexidx-home-search allows Stored XSS.This issue affects FlexIDX Home Search: from n/a through <= 2.1.2.
CVE-2025-25080 2 Gubbigubbi, Wordpress 2 Kona Gallery Block, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block kona-instagram-feed-for-gutenberg allows Stored XSS.This issue affects Kona Gallery Block: from n/a through <= 1.7.
CVE-2025-25079 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through <= 3.2.
CVE-2025-25078 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed google-earth-tours allows Stored XSS.This issue affects Google Earth Embed: from n/a through <= 1.0.
CVE-2025-25077 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress easy-chart-builder allows Stored XSS.This issue affects Easy Chart Builder for WordPress: from n/a through <= 1.3.
CVE-2025-25076 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation graceful-email-obfuscation allows Stored XSS.This issue affects Graceful Email Obfuscation: from n/a through <= 0.2.2.
CVE-2025-25073 1 Wordpress 1 Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles easy-wp-tiles allows Stored XSS.This issue affects Easy WP Tiles: from n/a through <= 1.
CVE-2025-25070 1 Wordpress 1 Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ed atrero Album Reviewer albumreviewer allows Stored XSS.This issue affects Album Reviewer: from n/a through <= 2.0.2.
CVE-2025-24781 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WPJobBoard wpjobboard allows Reflected XSS.This issue affects WPJobBoard: from n/a through <= 5.10.1.
CVE-2025-24774 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm allows Reflected XSS.This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through <= 3.2.0.
CVE-2025-24771 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Content Manager Light content-manager-light allows Reflected XSS.This issue affects Content Manager Light: from n/a through <= 3.2.
CVE-2025-24764 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones (Simply) Guest Author Name guest-author-name allows DOM-Based XSS.This issue affects (Simply) Guest Author Name: from n/a through <= 4.36.
CVE-2025-24758 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: from n/a through <= 2.0.8.
CVE-2025-24755 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Stored XSS.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 4.6.0.
CVE-2025-24752 2 Wordpress, Wpdeveloper 2 Wordpress, Essential Addons For Elementor 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14.
CVE-2025-24746 1 Code-atlantic 1 Popup Maker 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS.This issue affects Popup Maker: from n/a through <= 1.20.2.