CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin MailChimp Block versions = 1.1.12...

4CVSS6.8AI score0.00089EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/09/26 8:31 a.m.•7 views

CVE-2025-60138 WordPress SKT Blocks plugin <= 2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a through = 2.6...

6.5CVSS0.00042EPSS

Exploits0References1

Cvelist•added 2025/09/22 6:25 p.m.•10 views

CVE-2025-57935 WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics bot-block-stop-spam-google-analytics-referrals allows Stored XSS.This issue affects Bot Block – Stop Spam Referrals in Google Analytic...

5.9CVSS0.00039EPSS

Exploits0References1

CNVD•added 2025/08/20 12:0 a.m.•2 views

WordPress Plugin Button Block Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Button Block 1.2.0 and prior...

4.3CVSS6.8AI score0.00084EPSS

Exploits0References1

Patchstack•added 2025/08/19 9:30 a.m.•6 views

WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 63n0 Patchstack Bug Bounty Program in WordPress Plugin iFrame Block versions = 0.1.1...

6.5CVSS5.9AI score0.00051EPSS

Exploits0Affected Software1

NVD•added 2025/08/14 11:15 a.m.•3 views

CVE-2025-54694

Cross-Site Request Forgery CSRF vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through = 1.2.0...

4.3CVSS0.00084EPSS

Exploits0References1

Vulnrichment•added 2025/08/14 10:34 a.m.•2 views

CVE-2025-54694 WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0...

4.3CVSS7.2AI score0.00084EPSS

Exploits0References1

CNNVD•added 2025/08/14 12:0 a.m.•1 views

WordPress plugin Button Block 跨站请求伪造漏洞

4.3CVSS6.7AI score0.00084EPSS

Exploits0References1

Positive Technologies•added 2025/07/18 12:0 a.m.•1 views

PT-2025-29995 · WordPress · The Useful Tab Block – Responsive & Amp-Compatible

Name of the Vulnerable Software and Affected Versions: The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress versions prior to 1.3.3 Description: The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is susceptible to Stored Cross-Site Scripting through the...

6.4CVSS5.7AI score0.00163EPSS

Exploits0References7

CNNVD•added 2025/06/27 12:0 a.m.•1 views

WordPress plugin WP Map Block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8CVSS5.6AI score0.00166EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:34 a.m.•12 views

CVE-2024-13400

The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Kona: Instagram for Gutenberg" Block, specifically in the "align" attribute, in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS5.8AI score0.00114EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:54 a.m.•5 views

CVE-2024-11645

The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.0017EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:36 a.m.•9 views

CVE-2023-44261

Cross-Site Request Forgery CSRF vulnerability in Dinesh Karki Block Plugin Update plugin = 3.3 versions...

8.8CVSS7AI score0.00147EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:19 a.m.•6 views

CVE-2023-45646

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Henryholtgeerts PDF Block plugin = 1.1.0 versions...

6.5CVSS5.6AI score0.00163EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:35 p.m.•6 views

CVE-2021-43557

The uri-block plugin in Apache APISIX before 2.10.2 uses $requesturi without verification. The $requesturi is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...

7.5CVSS6.7AI score0.55262EPSS

Exploits1

RedhatCVE•added 2025/05/22 7:23 p.m.•9 views

CVE-2021-24633

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the ebwriteblockcss AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users...

4.3CVSS6.5AI score0.0023EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 7:49 a.m.•8 views

CVE-2019-15536

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via deleterecords...

9.8CVSS8.3AI score0.00307EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by