Search

Expected end of text, found '.' (at char 12), (line:1, col:13)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (341807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48333 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm - WordPress Form Builder: from n/a through < 4.19.1.
CVE-2025-48332 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: from n/a through <= 3.3.1.
CVE-2025-48331 2026-04-01 N/A
Insertion of Sensitive Information Into Sent Data vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-customers-exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.0.
CVE-2025-48329 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
CVE-2025-48328 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0.
CVE-2025-48327 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through <= 1.0.7.
CVE-2025-48326 1 Wordpress 1 Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer acclectic-media-organizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acclectic Media Organizer: from n/a through <= 1.4.
CVE-2025-48325 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme wp-admin-theme allows Stored XSS.This issue affects WP Admin Theme: from n/a through <= 1.0.
CVE-2025-48324 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khashabawy tli.tl auto Twitter poster tlitl-auto-twitter-poster allows Stored XSS.This issue affects tli.tl auto Twitter poster: from n/a through <= 3.4.
CVE-2025-48323 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abunaser Khan Advance Food Menu advance-food-menu allows Stored XSS.This issue affects Advance Food Menu: from n/a through <= 1.0.
CVE-2025-48322 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Finn Dohrn Statify Widget statify-widget allows Stored XSS.This issue affects Statify Widget: from n/a through <= 1.4.6.
CVE-2025-48321 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget ultimate-twitter-profile-widget allows Stored XSS.This issue affects Ultimate twitter profile widget: from n/a through <= 1.0.
CVE-2025-48320 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 baidushare-wp allows Stored XSS.This issue affects 百度分享按钮: from n/a through <= 1.0.6.
CVE-2025-48319 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget mesa-mesa-reservation-widget allows Stored XSS.This issue affects Mesa Mesa Reservation Widget: from n/a through <= 1.0.0.
CVE-2025-48318 1 Wordpress 1 Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery.This issue affects 多说社会化评论框: from n/a through <= 1.2.
CVE-2025-48317 2026-04-01 N/A
Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal.This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9.
CVE-2025-48316 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ItayXD Responsive Mobile-Friendly Tooltip responsive-mobile-friendly-tooltip allows Stored XSS.This issue affects Responsive Mobile-Friendly Tooltip: from n/a through <= 1.6.6.
CVE-2025-48315 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML custom-html-bodyhead allows Stored XSS.This issue affects WordPress HTML: from n/a through <= 0.51.
CVE-2025-48314 1 Wordpress 1 Wordpress 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salubrio Add Code To Head add-code-to-head allows Stored XSS.This issue affects Add Code To Head: from n/a through <= 1.17.
CVE-2025-48313 2026-04-01 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS.This issue affects Tripadvisor Shortcode: from n/a through <= 2.2.