Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43300 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23473 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Killer Theme Options allows Reflected XSS. This issue affects Killer Theme Options: from n/a through 2.0.
CVE-2025-23772 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio PetullĂ  imaGenius allows Stored XSS.This issue affects imaGenius: from n/a through 1.7.
CVE-2025-25158 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Uncomplicated SEO allows Reflected XSS. This issue affects Uncomplicated SEO: from n/a through 1.2.
CVE-2025-26537 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound GDPR Tools allows Stored XSS. This issue affects GDPR Tools: from n/a through 1.0.2.
CVE-2024-33926 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.This issue affects GWP-Histats: from n/a through 1.0.
CVE-2024-29105 2 Timersys, Wordpress 2 Wp Popups, Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5.
CVE-2025-25097 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1.
CVE-2024-51803 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnetic Creative Inline Click To Tweet allows DOM-Based XSS.This issue affects Inline Click To Tweet: from n/a through 1.0.0.
CVE-2025-26732 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BurgerThemes StoreBiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through 1.0.32.
CVE-2024-32079 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2.
CVE-2025-46445 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1.
CVE-2024-49647 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Carl Alberto Simple Custom Admin allows Reflected XSS.This issue affects Simple Custom Admin: from n/a through 1.2.
CVE-2024-51613 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Connell TradeMe widgets allows Stored XSS.This issue affects TradeMe widgets: from n/a through 1.2.
CVE-2024-31092 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip M. Hofer (Frumph) Comic Easel allows Reflected XSS.This issue affects Comic Easel: from n/a through 1.15.
CVE-2024-47343 2 Kraftplugins, Wordpress 2 Mega Elements, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.4.
CVE-2025-22794 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6.
CVE-2024-56035 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kurt Payne Upload Scanner allows Reflected XSS.This issue affects Upload Scanner: from n/a through 1.2.
CVE-2024-33951 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS.This issue affects Perfect Pullquotes: from n/a through 1.7.5.
CVE-2025-23599 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound eMarksheet allows Reflected XSS. This issue affects eMarksheet: from n/a through 5.0.
CVE-2024-51618 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DuoGeek Custom Admin Menu allows Stored XSS.This issue affects Custom Admin Menu: from n/a through 1.0.0.