CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14475
8.1 HIGH

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 …

Dec 13, 2025
CVE-2025-14462
4.3 MEDIUM

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to …

Dec 13, 2025
CVE-2025-14454
4.3 MEDIUM

The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, …

Dec 13, 2025
CVE-2025-14451
4.7 MEDIUM

The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient …

Dec 13, 2025
CVE-2025-14447
4.3 MEDIUM

The AnnunciFunebri Impresa plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the annfu_reset_options() function in all …

Dec 13, 2025
CVE-2025-14446
5.4 MEDIUM

The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() …

Dec 13, 2025
CVE-2025-14440
9.8 CRITICAL

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect …

Dec 13, 2025
CVE-2025-14397
8.8 HIGH

The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() …

Dec 13, 2025
CVE-2025-14395
4.3 MEDIUM

The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions (e.g., pop_submit, …

Dec 13, 2025
CVE-2025-14394
4.3 MEDIUM

The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or …

Dec 13, 2025
CVE-2025-14378
4.4 MEDIUM

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to …

Dec 13, 2025
CVE-2025-14367
5.3 MEDIUM

The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing …

Dec 13, 2025
CVE-2025-14366
5.3 MEDIUM

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing …

Dec 13, 2025
CVE-2025-14365
5.3 MEDIUM

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing …

Dec 13, 2025
CVE-2025-14288
4.3 MEDIUM

The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to …

Dec 13, 2025
CVE-2025-14278
6.4 MEDIUM

The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_title' parameter in all versions up to, and including, …

Dec 13, 2025
CVE-2025-14056
4.4 MEDIUM

The Custom Post Type UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter during custom post type import in all …

Dec 13, 2025
CVE-2025-14050
4.9 MEDIUM

The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to …

Dec 13, 2025
CVE-2025-13705
6.4 MEDIUM

The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, …

Dec 13, 2025
CVE-2025-13403
4.3 MEDIUM

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization …

Dec 13, 2025
CVE-2025-13094
8.8 HIGH

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in …

Dec 13, 2025
CVE-2025-13093
5.3 MEDIUM

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing …

Dec 13, 2025
CVE-2025-13092
5.3 MEDIUM

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing …

Dec 13, 2025
CVE-2025-13089
7.5 HIGH

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and the 'attr_search' parameter in all versions up to, and …

Dec 13, 2025
CVE-2025-13077
7.5 HIGH

The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter …

Dec 13, 2025
CVE-2025-12512
4.3 MEDIUM

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is …

Dec 13, 2025
CVE-2025-12362
5.3 MEDIUM

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, …

Dec 13, 2025
CVE-2025-12109
6.4 MEDIUM

The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script …

Dec 13, 2025
CVE-2025-12077
6.1 MEDIUM

The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 …

Dec 13, 2025
CVE-2025-12076
6.1 MEDIUM

The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 …

Dec 13, 2025
CVE-2025-11970
4.4 MEDIUM

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side …

Dec 13, 2025
CVE-2025-11707
5.3 MEDIUM

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due …

Dec 13, 2025
CVE-2025-11693
9.8 CRITICAL

The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, …

Dec 13, 2025
CVE-2025-11376
6.4 MEDIUM

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_loop' shortcode in all versions up to, and including, …

Dec 13, 2025
CVE-2025-11164
4.3 MEDIUM

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix_education_activate_plugin' AJAX action in …

Dec 13, 2025
CVE-2025-10738
9.8 CRITICAL

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including, …

Dec 13, 2025
CVE-2025-10289
5.9 MEDIUM

The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due …

Dec 13, 2025
CVE-2025-0969
6.5 MEDIUM

The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() …

Dec 13, 2025
CVE-2025-13970
8.0 HIGH

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to …

Dec 13, 2025
CVE-2025-67749

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation …

Dec 12, 2025
CVE-2025-67721
7.5 HIGH

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of …

Dec 12, 2025
CVE-2025-14585
7.3 HIGH

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of …

Dec 12, 2025
CVE-2025-14584
7.3 HIGH

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. …

Dec 12, 2025
CVE-2025-14066

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Dec 12, 2025
CVE-2025-14583
7.3 HIGH

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of …

Dec 12, 2025
CVE-2025-14582
4.7 MEDIUM

A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing a manipulation of the …

Dec 12, 2025
CVE-2025-67750
8.4 HIGH

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below …

Dec 12, 2025
CVE-2025-67634
4.4 MEDIUM

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a …

Dec 12, 2025
CVE-2025-46289
5.5 MEDIUM

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app …

Dec 12, 2025
CVE-2025-46287
6.5 MEDIUM

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS …

Dec 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.