Search

Expected end of text, found '.' (at char 12), (line:1, col:13)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (328471 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58900 2 Ancorathemes, Wordpress 2 Unitravel, Wordpress 2026-01-20 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UniTravel unitravel allows PHP Local File Inclusion.This issue affects UniTravel: from n/a through <= 1.4.2.
CVE-2025-58889 2 Axiomthemes, Wordpress 2 Towny, Wordpress 2026-01-20 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion.This issue affects Towny: from n/a through <= 1.16.
CVE-2025-58877 2 Javothemes, Wordpress 2 Javo Core, Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
CVE-2025-58888 2 Ancorathemes, Wordpress 2 Theflash, Wordpress 2026-01-20 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion.This issue affects The Flash: from n/a through <= 1.15.
CVE-2025-58898 2 Ancorathemes, Wordpress 2 Healthhub, Wordpress 2026-01-20 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes HealthHub healthhub allows PHP Local File Inclusion.This issue affects HealthHub: from n/a through <= 1.3.0.
CVE-2025-58892 2 Ancorathemes, Wordpress 2 Tourimo, Wordpress 2026-01-20 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tourimo tourimo allows PHP Local File Inclusion.This issue affects Tourimo: from n/a through <= 1.2.3.
CVE-2025-58709 2 Axiomthemes, Wordpress 2 Legacy, Wordpress 2026-01-20 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion.This issue affects Legacy: from n/a through <= 1.9.
CVE-2025-58708 2 Axiomthemes, Wordpress 2 777, Wordpress 2026-01-20 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes 777 triple-seven allows PHP Local File Inclusion.This issue affects 777: from n/a through <= 1.3.
CVE-2025-58710 1 Wordpress 1 Wordpress 2026-01-20 8.6 High
Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0.
CVE-2025-58638 2 E-plugins, Wordpress 2 Institutions Directory, Wordpress 2026-01-20 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS.This issue affects Institutions Directory: from n/a through <= 1.3.3.
CVE-2025-58636 2 Crm Perks, Wordpress 2 Wp Gravity Forms Keap/infusionsoft, Wordpress 2026-01-20 9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3.
CVE-2025-58706 2 Axiomthemes, Wordpress 2 Woo Hoo, Wordpress 2026-01-20 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through <= 1.25.
CVE-2025-5803 2 Vikwp, Wordpress 2 Vikbooking Hotel Booking Engine & Pms, Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.
CVE-2025-58619 1 Wordpress 1 Wordpress 2026-01-20 8.8 High
Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65.
CVE-2025-58627 1 Wordpress 1 Wordpress 2026-01-20 9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous Core Plugin: from n/a through < 2.0.9.
CVE-2025-58629 1 Wordpress 1 Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0.9.
CVE-2025-58592 2 Cozmoslabs, Wordpress 2 Translatepress, Wordpress 2026-01-20 8.1 High
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.
CVE-2025-58595 2 Saad Iqbal, Wordpress 2 All In One Login, Wordpress 2026-01-20 9.1 Critical
Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8.
CVE-2025-58225 2 Axiomthemes, Wordpress 2 Paragon, Wordpress 2026-01-20 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1.
CVE-2025-58243 1 Wordpress 1 Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0.