Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (13157 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-67971 2 Wordpress, Wpmanageninja 2 Wordpress, Fluentcart 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0.
CVE-2025-67579 2 Vanquish, Wordpress 2 User Extra Fields, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-67576 2 Quantumcloud, Wordpress 2 Simple Link Directory, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-67978 2 Fixbd, Wordpress 2 Educare, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.
CVE-2025-67980 2 Thembay, Wordpress 2 Hara, Wordpress 2026-04-15 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17.
CVE-2025-67982 2 Thembay, Wordpress 2 Urna, Wordpress 2026-04-15 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.
CVE-2025-67617 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through <= 1.4.3.
CVE-2025-67988 2 Loftocean, Wordpress 2 Cozystay, Wordpress 2026-04-15 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1.
CVE-2025-67990 2 Realmag777, Wordpress 2 Gmap Targeting, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through <= 1.1.7.
CVE-2025-67991 2 Vanquish, Wordpress 2 User Extra Fields, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-67993 2 Vito Peleg, Wordpress 2 Atarim, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.
CVE-2025-67573 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6.
CVE-2025-67995 2 Loftocean, Wordpress 2 Patiotime, Wordpress 2026-04-15 9.8 Critical
Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1.
CVE-2025-67996 2 Boldthemes, Wordpress 2 Nestin, Wordpress 2026-04-15 9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6.
CVE-2025-67997 2 Boldthemes, Wordpress 2 Travelicious, Wordpress 2026-04-15 9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.
CVE-2025-67998 2 Kamleshyadav, Wordpress 2 Miraculous Elementor, Wordpress 2026-04-15 8.8 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7.
CVE-2025-67572 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
CVE-2025-67571 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2.
CVE-2025-68006 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.
CVE-2025-67568 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1.