CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1042275 matches found

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

8.8CVSS7.6AI score0.20938EPSS

Exploits1References3

Nuclei•added 9 hours ago•9 views

WP DeskLite - Reflected XSS

WP DeskLite WordPress plugin through 1.0.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12724 info: name: WP DeskLite - Reflected XSS...

6.1CVSS5.5AI score0.00252EPSS

Exploits1References2

Nuclei•added 9 hours ago•8 views

Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...

6.1CVSS5.3AI score0.00199EPSS

Exploits1References2

Nuclei•added 9 hours ago•30 views

Ricoh Web Image Monitor - Reflected XSS

A reflected cross-site scripting vulnerability exists in the laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. id: CVE-2025-41393 info: name: Rico...

6.1CVSS6.2AI score0.01149EPSS

Exploits0References3

Nuclei•added 9 hours ago•9 views

WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS

Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by unsanitized input in open-tab parameter in wp-admin/edit.php and wp-cta-variation-id parameter in ab-testing-call-to-action-example/, letting remote attackers inject arbitrary web script or HTML, exploit requires...

6.1CVSS6.4AI score0.00192EPSS

Exploits3References5

Nuclei•added 9 hours ago•27 views

Revive Adserver 5.4.1 - Cross-Site Scripting

A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. id: CVE-2023-38040 info: name: Revive Adserver 5.4.1 - Cross-Site Scripting author: ritikchaddha severity: medium description: | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions...

6.1CVSS6.2AI score0.08586EPSS

Exploits1References2

Nuclei•added 9 hours ago•11 views

WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting

wp-live-chat-support plugin before 8.0.27 for WordPress contains a reflected cross-site scripting caused by insufficient sanitization in the GDPR page, letting attackers execute arbitrary scripts in the context of the victim's browser, exploit requires victim to visit a malicious page. id:...

6.1CVSS6.3AI score0.02516EPSS

Exploits0References3

Nuclei•added 9 hours ago•22 views

WordPress Checklist <1.1.9 - Cross-Site Scripting

WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file. id: CVE-2019-16525 info: name: WordPress Checklist 1.1.9 - Cross-Site Scripting author: daffainfo severity: medium description:...

6.1CVSS6.1AI score0.13835EPSS

Exploits2References5

Nuclei•added 9 hours ago•27 views

WordPress Yuzo <5.12.94 - Cross-Site Scripting

WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can consequently inje...

6.1CVSS6.2AI score0.11365EPSS

Exploits1References5

Nuclei•added 9 hours ago•30 views

WordPress JNews Theme <8.0.6 - Cross-Site Scripting

WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory. id: CVE-2021-24342 info: name: WordPress JNews Theme =8.0.6 to mitigate the XSS...

6.1CVSS6.1AI score0.02284EPSS

Exploits2References4

Nuclei•added 9 hours ago•17 views

CLink Office 2.0 - Cross-Site Scripting

CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter. id: CVE-2020-6171 info: name: CLink Office 2.0 - Cross-Site Scripting author: pikpikcu severity: medium...

6.1CVSS6.2AI score0.09522EPSS

Exploits1References4

Nuclei•added 9 hours ago•29 views

WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting

A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. id: CVE-2013-4625 info: name: WordPress Plugin Duplicator 0.4.5 - Cross-Site Scripting...

4.3CVSS5.4AI score0.07785EPSS

Exploits2References5

Nuclei•added 9 hours ago•25 views

WordPress WPSOLR <=8.6 - Cross-Site Scripting

WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credential...

6.1CVSS6.5AI score0.02155EPSS

Exploits2References5

Nuclei•added 9 hours ago•34 views

Fortinet FortiOS <=5.2.3 - Cross-Site Scripting

Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2015-1880 info: name: Fortinet FortiOS =5.2.3 - Cross-Site Scripting author: pikpikcu...

4.3CVSS5.4AI score0.55556EPSS

Exploits0References5

Nuclei•added 9 hours ago•31 views

Podcast Channels < 0.28 - Cross-Site Scripting

The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...

6.1CVSS6.1AI score0.02584EPSS

Exploits1References4

Nuclei•added 9 hours ago•31 views

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. id: CVE-2023-23161 info: name: Art...

6.1CVSS6.4AI score0.0225EPSS

Exploits4References5

Nuclei•added 9 hours ago•33 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. id: CVE-2022-45037 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6AI score0.0304EPSS

Exploits1References3

Nuclei•added 9 hours ago•166 views

Adobe ColdFusion WDDX Deserialization Gadgets

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-44353 info: name: Adobe ColdFusion WDDX...

9.8CVSS8.1AI score0.90887EPSS

Exploits0References5

Nuclei•added 9 hours ago•31 views

Cuppa CMS v1.0 - Cross Site Scripting

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. id: CVE-2022-38295...

6.1CVSS6.4AI score0.10705EPSS

Exploits1References3

Nuclei•added 9 hours ago•26 views

WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting

WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wpheadingtext parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch othe...

5.5CVSS5.9AI score0.01283EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by