Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10499 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-26975 2026-04-15 N/A
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Strong Testimonials: from n/a through <= 3.2.3.
CVE-2023-33324 2026-04-15 6.5 Medium
Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0.
CVE-2025-32224 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Shivam Mani Tripathi Privyr CRM Integration privy-crm-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Privyr CRM Integration: from n/a through <= 1.0.2.
CVE-2025-32232 2 Era404, Wordpress 2 Stafflist, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaffList: from n/a through <= 3.2.7.
CVE-2025-32234 2026-04-15 N/A
Missing Authorization vulnerability in aleswebs AdMail – Multilingual Back in-Stock Notifier for WooCommerce admail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdMail – Multilingual Back in-Stock Notifier for WooCommerce: from n/a through <= 1.7.0.
CVE-2025-32239 2026-04-15 N/A
Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io wp-share-buttons-analytics-by-getsocial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through <= 4.5.
CVE-2025-32246 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Tim Nguyen 1-Click Backup &amp; Restore Database 1-click-backup-restore-database-by-sunbytes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1-Click Backup &amp; Restore Database: from n/a through <= 1.0.3.
CVE-2024-51417 2026-04-15 6.4 Medium
An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields.
CVE-2025-9194 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean() function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a theme clean.
CVE-2024-53798 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion.This issue affects FloristPress: from n/a through <= 7.3.0.
CVE-2025-54741 1 Wordpress 1 Wordpress 2026-04-15 8.6 High
Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0.
CVE-2025-57894 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in ollybach WPPizza wppizza allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPPizza: from n/a through <= 3.19.8.
CVE-2025-57896 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <= 5.0.26.
CVE-2025-57909 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette editor-custom-color-palette allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Custom Color Palette: from n/a through <= 3.5.6.
CVE-2025-57936 2 Meitar, Wordpress 2 Subresource Integrity Manager, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Meitar Subresource Integrity (SRI) Manager wp-sri allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subresource Integrity (SRI) Manager: from n/a through <= 0.4.0.
CVE-2025-57944 2 Skimlinks, Wordpress 2 Affiliate Marketing Tool, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool skimlinks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Skimlinks Affiliate Marketing Tool: from n/a through <= 1.3.
CVE-2025-57987 2 Thimpress, Wordpress 2 Wp Events Manager, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through <= 2.2.1.
CVE-2025-58009 2 Cp Multi View Event Calendar Project, Wordpress 2 Cp Multi View Event Calendar, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35.
CVE-2025-62980 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.
CVE-2024-3932 1 Totara 1 Enterprise Lms 2026-04-15 3.1 Low
A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 and 18.8 is able to address this issue. It is recommended to upgrade the affected component.