Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (74566 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-67465 2 Quantumcloud, Wordpress 2 Simple Link Directory, Wordpress 2026-04-01 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-66534 1 Wordpress 1 Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9.
CVE-2025-66533 2 Stellarwp, Wordpress 2 Givewp, Wordpress 2026-04-01 7.8 High
Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through <= 4.13.1.
CVE-2025-66532 3 Mikado-themes, Qodeinteractive, Wordpress 3 Powerlift, Powerlift, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1.
CVE-2025-66531 1 Wordpress 1 Wordpress 2026-04-01 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.30.3.
CVE-2025-66530 2 Webba-booking, Wordpress 2 Webba Booking, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through <= 6.2.1.
CVE-2025-66529 2 Ays-pro, Wordpress 2 Chartify, Wordpress 2026-04-01 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3.
CVE-2025-66528 2 Villatheme, Wordpress 2 Thank You Page Customizer For Woocommerce, Wordpress 2026-04-01 8.1 High
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <= 1.1.8.
CVE-2025-66138 2 Merkulove, Wordpress 2 Motionger For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.
CVE-2025-66137 2 Merkulove, Wordpress 2 Searcher For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.
CVE-2025-66136 2 Merkulove, Wordpress 2 Carter For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.
CVE-2025-66135 2 Merkulove, Wordpress 2 Imager For Elementor, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4.
CVE-2025-66119 1 Wordpress 1 Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.
CVE-2025-66118 1 Wordpress 1 Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1.
CVE-2025-66117 2 Ays-pro, Wordpress 2 Easy Form, Wordpress 2026-04-01 7.5 High
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
CVE-2025-66116 2 Userelements, Wordpress 2 Ultimate Member Widgets For Elementor, Wordpress 2026-04-01 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.
CVE-2025-66102 1 Wordpress 1 Wordpress 2026-04-01 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.
CVE-2025-66088 2 Propertyhive, Wordpress 2 Propertyhive, Wordpress 2026-04-01 7.5 High
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
CVE-2025-66070 1 Wordpress 1 Wordpress 2026-04-01 7.5 High
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
CVE-2025-66055 2 Icegram, Wordpress 2 Email Subscribers & Newsletters, Wordpress 2026-04-01 7.2 High
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.