CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42782 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67631	2 Ecommerce Platforms, Wordpress	2 Gift Hunt, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through <= 2.0.2.
CVE-2025-68528	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Free Shipping Bar	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipping-woocommerce allows Stored XSS.This issue affects Free Shipping Bar: Amount Left for Free Shipping for WooCommerce: from n/a through <= 2.4.9.
CVE-2025-68527	2 Kodezen, Wordpress	2 Academy Lms, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through <= 3.4.0.
CVE-2025-68532	3 Elementor, Modeltheme, Wordpress	3 Elementor, Addons For Wpbakery And Elementor, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Stored XSS.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6.
CVE-2025-67630	1 Wordpress	1 Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2.
CVE-2023-32120	1 Wordpress	1 Wordpress	2025-12-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1.
CVE-2025-68533	2 Hasthemes, Wordpress	2 Wc Builder, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through <= 1.2.0.
CVE-2025-68512	2 Creativeinteractivemedia, Wordpress	2 Real3d Flipbook, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.This issue affects Real 3D FlipBook: from n/a through <= 4.11.4.
CVE-2025-67629	2 Basticom, Wordpress	2 Framework, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basticom Basticom Framework basticom-framework allows Stored XSS.This issue affects Basticom Framework: from n/a through <= 1.5.2.
CVE-2025-67627	1 Wordpress	1 Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.This issue affects Draft Notify: from n/a through <= 1.5.
CVE-2025-67628	1 Wordpress	1 Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AMP-MODE Review Disclaimer review-disclaimer allows Stored XSS.This issue affects Review Disclaimer: from n/a through <= 2.0.3.
CVE-2025-68566	2 Wordpress, Wphocus	2 Wordpress, My Auctions Allegro	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.
CVE-2025-67633	1 Wordpress	1 Wordpress	2025-12-29	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS.This issue affects Greenhouse Job Board: from n/a through <= 2.7.3.
CVE-2025-68525	1 Wordpress	1 Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Category Icon category-icon allows Stored XSS.This issue affects Category Icon: from n/a through <= 1.0.2.
CVE-2025-68574	2 Voidcoders, Wordpress	2 Wpbakery Visual Composer Whmcs Elements, Wordpress	2025-12-29	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through <= 1.0.4.3.
CVE-2025-68513	2 Bold-themes, Wordpress	2 Bold Timeline Lite, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through <= 1.2.7.
CVE-2025-68497	2 Brainstormforce, Wordpress	2 Astra Widgets, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through <= 1.2.16.
CVE-2025-67632	1 Wordpress	1 Wordpress	2025-12-29	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Plugin Factory Google AdSense for Responsive Design – GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.This issue affects Google AdSense for Responsive Design – GARD: from n/a through <= 2.23.
CVE-2025-68599	1 Wordpress	1 Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.4.
CVE-2025-68598	2 Livecomposer, Wordpress	2 Page Builder: Live Composer, Wordpress	2025-12-29	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.0.5.

« first previous Page 32 of 2140. next last »