Search

Expected end of text, found '.' (at char 48), (line:1, col:49)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341827 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-39593 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting wp-ever-accounting allows Cross Site Request Forgery.This issue affects Ever Accounting: from n/a through <= 2.1.5.
CVE-2025-39592 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through <= 1.3.0.
CVE-2025-39591 2026-04-01 N/A
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through <= 1.2.3.
CVE-2025-39590 1 Wpdeveloper 1 Essential Addons For Elementor 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
CVE-2025-39589 1 Wpdeveloper 1 Essential Addons For Elementor 2026-04-01 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
CVE-2025-39588 2026-04-01 N/A
Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Object Injection.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.4.0.
CVE-2025-39587 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through <= 3.2.65.
CVE-2025-39586 1 Metagauss 1 Profilegrid 2026-04-01 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.8.
CVE-2025-39585 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Stored XSS.This issue affects Travelfic Toolkit: from n/a through <= 1.2.1.
CVE-2025-39584 1 Themewinter 1 Eventin 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.0.25.
CVE-2025-39583 2026-04-01 N/A
Missing Authorization vulnerability in Bertha AI &#8211; Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.12.10.2.
CVE-2025-39582 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access wp-data-access allows DOM-Based XSS.This issue affects WP Data Access: from n/a through <= 5.5.36.
CVE-2025-39581 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes themify-shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through <= 2.1.3.
CVE-2025-39580 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8.
CVE-2025-39579 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through <= 2.8.0.
CVE-2025-39578 1 Cyberchimps 1 Responsive Blocks 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS.This issue affects Responsive Blocks: from n/a through <= 2.0.2.
CVE-2025-39577 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.2.
CVE-2025-39576 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows Stored XSS.This issue affects WPAdverts: from n/a through <= 2.2.1.
CVE-2025-39575 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa wpcasa allows Stored XSS.This issue affects WPCasa: from n/a through <= 1.3.2.
CVE-2025-39574 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Stored XSS.This issue affects Uix Shortcodes: from n/a through <= 2.0.4.