Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9040 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-58937 2 Axiomthemes, Wordpress 2 Tacticool, Wordpress 2026-01-05 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue affects Tacticool: from n/a through <= 1.0.13.
CVE-2025-62081 3 Channelize.io, Woocommerce, Wordpress 3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress 2026-01-05 5.3 Medium
Missing Authorization vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0.
CVE-2025-58929 2 Axiomthemes, Wordpress 2 Pantry, Wordpress 2026-01-05 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects Pantry: from n/a through <= 1.4.
CVE-2025-62147 2 Realbig, Wordpress 2 Realbig, Wordpress 2026-01-05 5.3 Medium
Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through 1.1.3.
CVE-2025-58894 2 Axiomthemes, Wordpress 2 Good Mood, Wordpress 2026-01-05 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16.
CVE-2025-62145 1 Wordpress 1 Wordpress 2026-01-05 5.3 Medium
Missing Authorization vulnerability in NewClarity DMCA Protection Badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through 2.2.0.
CVE-2025-62133 2 Manidoraisamy, Wordpress 2 Formfacade, Wordpress 2026-01-05 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Manidoraisamy FormFacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through 1.4.1.
CVE-2025-66152 2 Merkulove, Wordpress 2 Criptopayer For Elementor, Wordpress 2026-01-05 5.4 Medium
Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through 1.0.1.
CVE-2025-66151 2 Merkulove, Wordpress 2 Countdowner For Elementor, Wordpress 2026-01-05 5.4 Medium
Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through 1.0.4.
CVE-2025-58893 2 Axiomthemes, Wordpress 2 Alright, Wordpress 2026-01-05 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1.
CVE-2025-69089 2 Wordpress, Wpautolistings 2 Wordpress, Auto Listings 2026-01-05 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a through <= 2.7.1.
CVE-2025-69088 3 Vidish, Woocommerce, Wordpress 3 Combo Offers Woocommerce, Woocommerce, Wordpress 2026-01-05 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through <= 4.2.
CVE-2025-69034 2 Mikado-themes, Wordpress 2 Lekker, Wordpress 2026-01-05 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.
CVE-2025-69033 2 Awplife, Wordpress 2 Blog Filter, Wordpress 2026-01-05 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.3.
CVE-2025-58225 2 Axiomthemes, Wordpress 2 Paragon, Wordpress 2026-01-05 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1.
CVE-2025-53453 2 Axiomthemes, Wordpress 2 Hygia, Wordpress 2026-01-05 8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16.
CVE-2025-53449 2 Axiomthemes, Wordpress 2 Convex, Wordpress 2026-01-05 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Convex convex allows PHP Local File Inclusion.This issue affects Convex: from n/a through <= 1.11.
CVE-2025-53448 2 Axiomthemes, Wordpress 2 Rally, Wordpress 2026-01-05 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rally rally allows PHP Local File Inclusion.This issue affects Rally: from n/a through <= 1.1.
CVE-2025-69032 2 Mikado-themes, Wordpress 2 Fivestar, Wordpress 2026-01-05 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7.
CVE-2025-68603 2 Marketing Fire, Wordpress 2 Editorial Calendar, Wordpress 2026-01-05 8.1 High
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.