Export limit exceeded: 346866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 346866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found '/' (at char 37), (line:1, col:38)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346866 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-62982 2 Sarah Giles, Wordpress 2 Dynamic User Directory, Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through <= 2.3.
CVE-2025-62981 1 Wordpress 1 Wordpress 2026-04-23 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Phishing.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.8.
CVE-2025-62980 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.
CVE-2025-62978 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through <= 1.8.5.
CVE-2025-62977 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in 沃之涛 百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n/a through <= 2.1.4.
CVE-2025-62976 2 Joovii, Wordpress 2 Sendle Shipping, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n/a through <= 6.02.
CVE-2025-62975 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1.
CVE-2025-62972 2 Webinarpress, Wordpress 2 Webinarpress, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28.
CVE-2025-62970 2 Spencer Haws, Wordpress 2 Link Whisper Free, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through <= 0.9.2.
CVE-2025-62966 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.
CVE-2025-62964 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.6.
CVE-2025-62963 2 Estatik, Wordpress 2 Estatik, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.3.1.
CVE-2025-62961 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in sparklewpthemes Sparkle FSE sparkle-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through <= 1.0.9.
CVE-2025-62960 2 Sparkle Wp, Wordpress 2 Construction Light, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through <= 1.6.7.
CVE-2025-62958 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts &amp; Pages simple-post-template allows Cross Site Request Forgery.This issue affects Simple Content Templates for Blog Posts &amp; Pages: from n/a through <= 2.2.61.
CVE-2025-62955 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Retrieve Embedded Sensitive Data.This issue affects TempTool [Show Current Template Info]: from n/a through <= 1.3.1.
CVE-2025-62953 2 Welcart, Wordpress 2 E-commerce, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through <= 2.11.24.
CVE-2025-62947 1 Wordpress 1 Wordpress 2026-04-23 5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.5.
CVE-2025-62944 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4.
CVE-2025-62943 2 Matt Mcinvale, Wordpress 2 Next Page, Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt McInvale Next Page, Not Next Post next-page-not-next-post allows Stored XSS.This issue affects Next Page, Not Next Post: from n/a through <= 0.3.0.