Export limit exceeded: 336596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 336596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 336596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44036 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-62887 3 Elementor, Kingaddons, Wordpress 3 Elementor, King Addons For Elementor, Wordpress 2026-01-20 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS.This issue affects King Addons for Elementor: from n/a through <= 51.1.37.
CVE-2025-62885 2 Rextheme, Wordpress 2 Wp Vr, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through <= 8.5.42.
CVE-2025-62761 2 Basepress, Wordpress 2 Knowledge Base Documentation & Wiki Plugin, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.17.0.1.
CVE-2025-62760 2 Buddypress, Wordpress 2 Buddypress, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8.
CVE-2025-62759 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series allows Stored XSS.This issue affects Series: from n/a through 2.0.1.
CVE-2025-62758 2 Funnelforms, Wordpress 2 Funnelforms Free, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8.
CVE-2025-62757 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12.
CVE-2025-62756 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through 10.0.6.
CVE-2025-62752 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kalender.Digital Calendar.Online / Kalender.Digital allows DOM-Based XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.11.
CVE-2025-62750 2 Filipe Seabra, Wordpress 2 Woocommerce Parcelas, Wordpress 2026-01-20 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filipe Seabra WooCommerce Parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from n/a through 1.3.5.
CVE-2025-62749 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6.
CVE-2025-62748 3 Genetech Products, Woocommerce, Wordpress 3 Web And Woocommerce Addons For Wpbakery Builder, Woocommerce, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.5.
CVE-2025-62746 2 Codeflavors, Wordpress 2 Featured Video For Wordpress & Videographywp, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS.This issue affects Featured Video for WordPress & VideographyWP: from n/a through 1.0.18.
CVE-2025-62744 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Steman Page Title Splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through 2.5.9.
CVE-2025-62743 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.5.5.
CVE-2025-62742 2 Curator, Wordpress 2 Curator.io, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5.
CVE-2025-62149 1 Wordpress 1 Wordpress 2026-01-20 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes allows Stored XSS.This issue affects Add Custom Codes: from n/a through 4.80.
CVE-2025-62146 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maksym Marko MX Time Zone Clocks allows Stored XSS.This issue affects MX Time Zone Clocks: from n/a through 5.1.1.
CVE-2025-62142 2 Cincopa, Wordpress 2 Video And Media Plug-in, Wordpress 2026-01-20 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicashmu Cincopa video and media plugin allows Stored XSS.This issue affects Cincopa video and media plug-in: from n/a through 1.163.
CVE-2025-62140 2 Plainwaire, Wordpress 2 Locatoraid Store Locator, Wordpress 2026-01-20 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65.