Search

Expected end of text, found '.' (at char 10), (line:1, col:11)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341846 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-63016 2 Quadlayers, Wordpress 2 Tiktok Feed, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5.
CVE-2025-63014 2 Serhii Pasiuk, Wordpress 2 Gmedia Photo Gallery, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through <= 1.25.0.
CVE-2025-63005 2 Tooltips, Wordpress 2 Wordpress Tooltips, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips wordpress-tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through <= 10.9.3.
CVE-2025-63004 2 Skynet Technologies, Wordpress 2 All In One Accessibility, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility all-in-one-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Accessibility: from n/a through <= 1.15.
CVE-2025-63002 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in wpforchurch Sermon Manager sermon-manager-for-wordpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through <= 2.30.0.
CVE-2025-63001 2 Nicdark, Wordpress 2 Hotel Booking, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8.
CVE-2025-63000 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpforchurch Sermon Manager sermon-manager-for-wordpress allows Stored XSS.This issue affects Sermon Manager: from n/a through <= 2.30.0.
CVE-2025-62998 1 Wordpress 1 Wordpress 2026-04-01 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7.
CVE-2025-62992 2 Everestthemes, Wordpress 2 Everest Backup, Wordpress 2026-04-01 8.1 High
Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Path Traversal.This issue affects Everest Backup: from n/a through <= 2.3.11.
CVE-2025-62991 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Minamaze minamaze allows Stored XSS.This issue affects Minamaze: from n/a through <= 1.10.1.
CVE-2025-62990 2 Livemesh, Wordpress 2 Livemesh Addons For Beaver Builder, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through <= 3.9.2.
CVE-2025-62989 2 Boxystudio, Wordpress 2 Cooked, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gora Tech Cooked cooked allows Stored XSS.This issue affects Cooked: from n/a through <= 1.11.3.
CVE-2025-62961 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in sparklewpthemes Sparkle FSE sparkle-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through <= 1.0.9.
CVE-2025-62960 2 Sparkle Wp, Wordpress 2 Construction Light, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through <= 1.6.7.
CVE-2025-62955 1 Wordpress 1 Wordpress 2026-04-01 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Retrieve Embedded Sensitive Data.This issue affects TempTool [Show Current Template Info]: from n/a through <= 1.3.1.
CVE-2025-62926 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Stored XSS.This issue affects TempTool [Show Current Template Info]: from n/a through <= 1.3.1.
CVE-2025-62901 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tormorten WP Microdata wp-microdata allows Stored XSS.This issue affects WP Microdata: from n/a through <= 1.0.
CVE-2025-62888 2 Marcomilesi, Wordpress 2 Wp Attachments, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= 5.2.
CVE-2025-62880 2 Kunalnagar, Wordpress 2 Custom 404 Pro, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through <= 3.12.0.
CVE-2025-62874 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through <= 0.3.6.