Search

Expected end of text, found '.' (at char 34), (line:1, col:35)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-57966 2 Ghozylab, Wordpress 2 Gallery Lightbox, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery Lightbox gallery-lightbox-slider allows Stored XSS.This issue affects Gallery Lightbox: from n/a through <= 1.0.0.41.
CVE-2025-57964 2 Photonicgnostic, Wordpress 2 Library Bookshelves, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in photonicgnostic Library Bookshelves library-bookshelves allows Stored XSS.This issue affects Library Bookshelves: from n/a through <= 5.11.
CVE-2025-57963 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing zoho-subscriptions allows DOM-Based XSS.This issue affects Zoho Billing: from n/a through <= 4.1.
CVE-2025-57962 2 E4jconnect, Wordpress 2 Vikrestaurants Table Reservations And Take-away, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Stored XSS.This issue affects VikRestaurants: from n/a through <= 1.5.1.
CVE-2025-57961 2 Codexpert, Wordpress 2 Codesigner, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29.
CVE-2025-57960 2 Travelmap, Wordpress 2 Travelmap, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map travelmap-blog allows Cross Site Request Forgery.This issue affects Travel Map: from n/a through <= 1.0.3.
CVE-2025-57959 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmatsuur Slightly troublesome permalink slightly-troublesome-permalink allows Stored XSS.This issue affects Slightly troublesome permalink: from n/a through <= 1.2.0.
CVE-2025-57958 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through <= 1.6.3.
CVE-2025-57957 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in wpcraft WooMS wooms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooMS: from n/a through <= 9.12.
CVE-2025-57956 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS wooms allows Stored XSS.This issue affects WooMS: from n/a through <= 9.12.
CVE-2025-57955 2 Plugin-devs, Wordpress 2 Post Carousel Slider For Elementor, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Carousel Slider for Elementor: from n/a through <= 1.7.0.
CVE-2025-57954 2 Ays-pro, Wordpress 2 Poll Maker, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker poll-maker allows DOM-Based XSS.This issue affects Poll Maker: from n/a through <= 6.0.2.
CVE-2025-57953 2 100plugins, Wordpress 2 Open User Map, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map open-user-map allows DOM-Based XSS.This issue affects Open User Map: from n/a through <= 1.4.14.
CVE-2025-57952 2 Icopydoc, Wordpress 2 Maps For Wp, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a through <= 1.2.5.
CVE-2025-57951 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ken107 SiteNarrator Text-to-Speech Widget sitespeaker-widget allows Stored XSS.This issue affects SiteNarrator Text-to-Speech Widget: from n/a through <= 1.9.
CVE-2025-57950 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glen Scott Plugin Security Scanner plugin-security-scanner allows Stored XSS.This issue affects Plugin Security Scanner: from n/a through <= 2.0.2.
CVE-2025-57949 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in oggix Ongkoskirim.id ongkoskirim-id allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ongkoskirim.id: from n/a through <= 1.0.6.
CVE-2025-57948 2 E-plugins, Wordpress 2 Directory Pro, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Directory Pro directory-pro allows DOM-Based XSS.This issue affects Directory Pro: from n/a through <= 2.5.5.
CVE-2025-57947 2 Ays-pro, Wordpress 2 Photo Gallery, Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Photo Gallery by Ays gallery-photo-gallery allows DOM-Based XSS.This issue affects Photo Gallery by Ays: from n/a through <= 6.3.8.
CVE-2025-57946 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery.This issue affects payOS: from n/a through <= 1.0.73.