Search

Expected end of text, found '.' (at char 17), (line:1, col:18)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (342055 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-60083 3 Add-ons.org, Woocommerce, Wordpress 3 Pdf Invoice Builder For Woocommerce, Woocommerce, Wordpress 2026-04-01 8.8 High
Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0.
CVE-2025-60082 2 Add-ons.org, Wordpress 2 Pdf For Wpforms, Wordpress 2026-04-01 8.8 High
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through <= 6.5.0.
CVE-2025-60081 1 Wordpress 1 Wordpress 2026-04-01 8.8 High
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through <= 6.5.0.
CVE-2025-60080 1 Wordpress 1 Wordpress 2026-04-01 7.5 High
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0.
CVE-2025-60078 1 Wordpress 1 Wordpress 2026-04-01 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia &#8211; Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task Manager: from n/a through <= 3.0.2.
CVE-2025-60076 2 Jbhovik, Wordpress 2 Ray Enterprise Translation, Wordpress 2026-04-01 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1.
CVE-2025-60071 3 Don-themes, Woocommerce, Wordpress 3 Riode, Woocommerce, Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Riode riode allows PHP Local File Inclusion.This issue affects Riode: from n/a through <= 1.6.23.
CVE-2025-54045 2 Cminds, Wordpress 2 Cm On Demand Search And Replace, Wordpress 2026-04-01 4.3 Medium
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5.
CVE-2025-54004 1 Wordpress 1 Wordpress 2026-04-01 2.6 Low
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
CVE-2025-53436 1 Wordpress 1 Wordpress 2026-04-01 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Monki monki allows PHP Local File Inclusion.This issue affects Monki: from n/a through <= 2.0.5.
CVE-2025-53428 2 N-media, Wordpress 2 Simple User Registration, Wordpress 2026-04-01 8.8 High
Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation.This issue affects Simple User Registration: from n/a through <= 6.8.
CVE-2025-53425 2 Dokan, Wordpress 2 Dokan, Wordpress 2026-04-01 7.6 High
Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.3.
CVE-2025-53286 1 Wordpress 1 Wordpress 2026-04-01 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through <= 4.7.2.
CVE-2025-52757 1 Wordpress 1 Wordpress 2026-04-01 6.3 Medium
Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.
CVE-2025-52756 2 Sayandatta, Wordpress 2 Wp Last Modified Info, Wordpress 2026-04-01 7.4 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through <= 1.9.4.
CVE-2025-52753 2 Supsystic, Wordpress 2 Contact Form, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.36.
CVE-2025-52743 2 Bobbingwide, Wordpress 2 Oik, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through <= 1.4.10.
CVE-2025-52735 2 Wordpress, Xlplugins 2 Wordpress, Nextmove 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.24.0.
CVE-2025-52719 2026-04-01 N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data.This issue affects ProfileGrid : from n/a through <= 5.9.5.2.
CVE-2025-49962 2 Usestrict, Wordpress 2 Bbpress Notify, Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through <= 2.19.5.