Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44417 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-50469 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Bright Vessel Textboxes allows DOM-Based XSS.This issue affects Textboxes: from n/a through 0.1.3.1.
CVE-2024-29762 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1.
CVE-2024-11877 1 Wordpress 1 Wordpress 2025-07-12 6.4 Medium
The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-23683 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MACME allows Reflected XSS. This issue affects MACME: from n/a through 1.2.
CVE-2025-23824 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS.This issue affects FontAwesome.io ShortCodes: from n/a through 1.0.
CVE-2025-47515 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seb WP DPE-GES allows DOM-Based XSS. This issue affects WP DPE-GES: from n/a through 1.6.
CVE-2024-56262 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches allows Stored XSS.This issue affects GS Coaches: from n/a through 1.1.0.
CVE-2024-27987 2 Givewp, Wordpress 2 Give, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS.This issue affects Give: from n/a through 3.3.1.
CVE-2025-31759 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BooSpot Boo Recipes allows Stored XSS. This issue affects Boo Recipes: from n/a through 2.4.1.
CVE-2025-23612 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pixobe Cartography allows Reflected XSS. This issue affects Pixobe Cartography: from n/a through 1.0.1.
CVE-2025-28899 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Event Ticketing allows Reflected XSS. This issue affects WP Event Ticketing: from n/a through 1.3.4.
CVE-2024-29908 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71.
CVE-2025-30918 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemacher Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.3.
CVE-2025-23540 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end login and register: from n/a through 2.1.0.
CVE-2025-23601 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tab My Content allows Reflected XSS. This issue affects Tab My Content: from n/a through 1.0.0.
CVE-2024-51854 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hola Networks Hola Free Video Player allows DOM-Based XSS.This issue affects Hola Free Video Player: from n/a through 1.3.9.
CVE-2024-54220 2 Roninwp, Wordpress 2 Fat Services Booking, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roninwp FAT Services Booking allows Stored XSS.This issue affects FAT Services Booking: from n/a through 5.6.
CVE-2024-11764 1 Wordpress 1 Wordpress 2025-07-12 6.4 Medium
The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-33643 1 Wordpress 1 Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2.
CVE-2024-33918 1 Wordpress 1 Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a through 2.23.