Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9518 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-64196 3 Booster, Pluggabl, Wordpress 3 Booster For Woocommerce, Booster For Woocommerce, Wordpress 2026-01-20 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5.
CVE-2025-64193 2 8theme, Wordpress 2 Xstore, Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through < 9.6.1.
CVE-2025-64192 2 8theme, Wordpress 2 Xstore, Wordpress 2026-01-20 6.3 Medium
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.
CVE-2025-64191 2 8theme, Wordpress 2 Xstore, Wordpress 2026-01-20 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through < 9.6.1.
CVE-2025-64190 2 8theme, Wordpress 2 Xstore Core, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6.
CVE-2025-64189 2 8theme, Wordpress 2 Xstore Core, Wordpress 2026-01-20 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6.
CVE-2025-64188 2 Pencidesign, Wordpress 2 Soledad, Wordpress 2026-01-20 9.8 Critical
Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.
CVE-2025-63043 2 Pickplugins, Wordpress 2 Post Grid, Wordpress 2026-01-20 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19.
CVE-2025-63039 2 Cridio, Wordpress 2 Listingpro, Wordpress 2026-01-20 6.5 Medium
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-63038 2 Northern Beaches Websites, Wordpress 2 Wp Custom Admin Interface, Wordpress 2026-01-20 4.3 Medium
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40.
CVE-2025-63032 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Consulting allows Stored XSS.This issue affects Consulting: from n/a through 1.5.0.
CVE-2025-63027 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webcreations907 WBC907 Core allows Stored XSS.This issue affects WBC907 Core: from n/a through 3.4.1.
CVE-2025-63021 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1.0.3.
CVE-2025-63002 1 Wordpress 1 Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0.
CVE-2025-62998 1 Wordpress 1 Wordpress 2026-01-20 5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through 1.2.7.
CVE-2025-62992 2 Everestthemes, Wordpress 2 Everest Backup, Wordpress 2026-01-20 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Everest themes Everest Backup allows Path Traversal.This issue affects Everest Backup: from n/a through 2.3.9.
CVE-2025-62991 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Minamaze allows Stored XSS.This issue affects Minamaze: from n/a through 1.10.1.
CVE-2025-62988 1 Wordpress 1 Wordpress 2026-01-20 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.
CVE-2025-62987 2 Builderall, Wordpress 2 Builder For Wordpress, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.
CVE-2025-62985 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through <= 1.6.3.