Search

Expected end of text, found '.' (at char 38), (line:1, col:39)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (328518 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68070 2 Vektor, Wordpress 2 Vk Google Job Posting Manager, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through <= 1.2.21.
CVE-2025-68054 1 Wordpress 1 Wordpress 2026-01-20 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
CVE-2025-68079 2 Themenectar, Wordpress 2 Salient Core, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through <= 1.5.4.
CVE-2025-68078 2 Themenectar, Wordpress 2 Salient Core, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Portfolio salient-portfolio allows Stored XSS.This issue affects Salient Portfolio: from n/a through <= 1.8.2.
CVE-2025-67937 2 Mikado-themes, Wordpress 2 Hendon, Wordpress 2026-01-20 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7.
CVE-2025-67951 2 Wordpress, Wpzoom 2 Wordpress, Wpzoom Addons For Elementor 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through <= 1.2.10.
CVE-2025-68067 2 Select-themes, Wordpress 2 Stockholm Core, Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through <= 2.4.6.
CVE-2025-68077 2 Select-themes, Wordpress 2 Stockholm, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm stockholm allows Stored XSS.This issue affects Stockholm: from n/a through <= 9.14.1.
CVE-2025-68080 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal User Avatar - Reloaded user-avatar-reloaded allows Stored XSS.This issue affects User Avatar - Reloaded: from n/a through <= 1.2.2.
CVE-2025-67965 2 Favethemes, Wordpress 2 Homey, Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through <= 2.4.3.
CVE-2025-68061 1 Wordpress 1 Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7.
CVE-2025-68014 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through 3.2.26.
CVE-2025-68029 2 Wordpress, Wpswings 2 Wordpress, Wallet System For Woocommerce 2026-01-20 6.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2.
CVE-2025-68068 2 Select-themes, Wordpress 2 Stockholm, Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through <= 9.14.1.
CVE-2025-67999 2 Stefanno Lissa, Wordpress 2 Newsletter, Wordpress 2026-01-20 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9.
CVE-2025-67962 2 Aioseo, Wordpress 2 Broken Link Checker, Wordpress 2026-01-20 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6.
CVE-2025-68076 2 Select-themes, Wordpress 2 Stockholm Core, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through <= 2.4.6.
CVE-2025-67983 2 Osama.esh, Wordpress 2 Wp Visitor Statistics (real Time Traffic), Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.3.
CVE-2025-68066 2 Pencidesign, Wordpress 2 Soledad, Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.7.0.
CVE-2025-68071 2 G5theme, Wordpress 2 Essential Real Estate, Wordpress 2026-01-20 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.2.