Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11107 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-28946 1 Wordpress 1 Wordpress 2026-03-18 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore allows PHP Local File Inclusion.This issue affects PrintXtore: from n/a before 1.7.8.
CVE-2025-49940 1 Wordpress 1 Wordpress 2026-03-18 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2.
CVE-2025-49939 2 Crocoblock, Wordpress 2 Jetelements For Elementor, Wordpress 2026-03-18 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.
CVE-2025-49938 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-03-18 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.
CVE-2025-49936 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-03-18 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2.
CVE-2025-49935 2 Wordpress, Xtemos 2 Wordpress, Woodmart 2026-03-18 7.4 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2.
CVE-2025-49933 1 Wordpress 1 Wordpress 2026-03-18 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through <= 2.4.4.
CVE-2023-47663 1 Wordpress 1 Wordpress 2026-03-18 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-49932 1 Wordpress 1 Wordpress 2026-03-17 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlog jet-blog allows Stored XSS.This issue affects JetBlog: from n/a through <= 2.4.4.1.
CVE-2025-49931 1 Wordpress 1 Wordpress 2026-03-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrocoBlock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10.
CVE-2025-49930 1 Wordpress 1 Wordpress 2026-03-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through <= 3.5.10.
CVE-2025-49929 2 Ultimateblocks, Wordpress 2 Ultimateblocks, Wordpress 2026-03-17 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.6.
CVE-2025-49928 2 Crocoblock, Wordpress 2 Jetformbuilder, Wordpress 2026-03-17 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows DOM-Based XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.
CVE-2025-49927 2 Crocoblock, Wordpress 2 Jetformbuilder, Wordpress 2026-03-17 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows Stored XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.1.
CVE-2025-49926 2 Laborator, Wordpress 2 Kalium, Wordpress 2026-03-17 7.3 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25.
CVE-2026-27052 2 Villatheme, Wordpress 2 Sales Countdown Timer For Woocommerce And Wordpress, Wordpress 2026-03-17 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VillaTheme Sales Countdown Timer for WooCommerce and WordPress allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a before 1.1.9.
CVE-2025-8280 2 Iambriansreed, Wordpress 2 Contact Form 7 Recaptcha, Wordpress 2026-03-16 5.8 Medium
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
CVE-2025-12189 2 Breadbutter, Wordpress 2 Bread \& Butter, Wordpress 2026-03-16 4.3 Medium
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonce validation on the uploadImage() function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2026-27332 2 Skygroup, Wordpress 2 Agrofood, Wordpress 2026-03-16 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Skygroup Agrofood allows Reflected XSS.This issue affects Agrofood: from n/a before 1.4.0.
CVE-2026-28119 2 Axiomthemes, Wordpress 2 Nirvana, Wordpress 2026-03-13 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Nirvana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through 2.6.