Search

Expected end of text, found ':' (at char 26), (line:1, col:27)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (328541 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-66067 2 Funnelkit, Wordpress 2 Funnel Builder, Wordpress 2026-01-20 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2.
CVE-2025-66066 2 Envothemes, Wordpress 2 Envo Extra, Wordpress 2026-01-20 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through <= 1.9.11.
CVE-2025-66065 2 Jegstudio, Wordpress 2 Gutenverse, Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.
CVE-2025-66064 2 Rafflepress, Wordpress 3 Giveaways And Contests, Giveaways And Contests By Rafflepress, Wordpress 2026-01-20 5.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20.
CVE-2025-66063 2 Jgwhite33, Wordpress 2 Wp Google Review Slider, Wordpress 2026-01-20 5.4 Medium
Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4.
CVE-2025-66062 1 Wordpress 1 Wordpress 2026-01-20 3.7 Low
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28.
CVE-2025-66061 3 Castos, Craig Hewitt, Wordpress 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress 2026-01-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66060 3 Castos, Craig Hewitt, Wordpress 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66059 3 Castos, Craig Hewitt, Wordpress 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress 2026-01-20 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66058 2 Pickplugins, Wordpress 2 Post Grid, Wordpress 2026-01-20 6.5 Medium
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.17.
CVE-2025-66057 2 Bold-themes, Wordpress 2 Bold Page Builder, Wordpress 2026-01-20 6.3 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2.
CVE-2025-66056 2 Uncannyowl, Wordpress 2 Uncanny Automator, Wordpress 2026-01-20 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0.
CVE-2025-66055 2 Icegram, Wordpress 2 Email Subscribers & Newsletters, Wordpress 2026-01-20 7.2 High
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.
CVE-2025-66054 2 Thimpress, Wordpress 2 Learnpress, Wordpress 2026-01-20 7.5 High
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
CVE-2025-66053 2 Kriesi, Wordpress 2 Enfold, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2.
CVE-2025-64639 3 Mainwp, Wordpress, Wp Compress 3 Mainwp, Wordpress, For Mainwp 2026-01-20 5.3 Medium
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.07.
CVE-2025-64638 3 Onpay.io, Woocommerce, Wordpress 3 For Woocommerce, Woocommerce, Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.
CVE-2025-64635 1 Wordpress 1 Wordpress 2026-01-20 5.4 Medium
Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
CVE-2025-64634 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-01-20 8.8 High
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.1.
CVE-2025-64633 1 Wordpress 1 Wordpress 2026-01-20 5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through <= 1.6.8.