CVE Lookup

Search Common Vulnerabilities and Exposures (CVE) by number.



Most recent CVE


PublishedCVEWebsites
Feb 29, 2024WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS)850
Feb 29, 2024WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control1,361
Feb 28, 2024Potential Cross-Site Scripting (XSS) in the page editing area1,931
Feb 28, 2024WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection49
Feb 28, 2024WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF)989
Feb 28, 2024Incorrect access control in the Sitefinity backend1,931
Feb 26, 2024Showdownjs Denial of Service852
Feb 26, 2024WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload49
Feb 24, 2024Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used...24
Feb 23, 2024The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to...23
See complete CVE list

Most prevalent CVE


PublishedCVEWebsites
Dec 14, 2022WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding3,568,724
Dec 1, 2023The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient ...2,545,721
Nov 30, 2023WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)2,016,067
Apr 12, 2021Prototype Pollution1,496,708
May 17, 2023WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘...1,188,209
Aug 11, 2023Security issue with external entity loading in XML without enabling it1,089,606
Aug 11, 2023Buffer overflow and overread in phar_dir_read()1,089,606
Oct 16, 2023WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure1,079,839
Nov 14, 2022OOB read due to insufficient input validation in imageloadfont()1,076,326
Jul 22, 2023Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP1,061,221
See complete CVE list