CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

400 matches found

NVD•added 2026/01/07 12:16 p.m.•1 views

CVE-2025-13974

The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00006EPSS

Exploits0References4

Vulnrichment•added 2026/01/07 9:21 a.m.•3 views

CVE-2025-13974 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content

4.4CVSS4.7AI score0.00006EPSS

Exploits0References4

CVE•added 2026/01/07 9:21 a.m.•13 views

CVE-2025-13974

CVE-2025-13974 : The Email Customizer for WooCommerce (WordPress) is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to 2.6.7 due to insufficient input sanitization and output escaping. The flaw allows an authenticated attacker with administrator-level acce...

4.4CVSS4.7AI score0.00006EPSS

Exploits0References4

Positive Technologies•added 2026/01/07 12:0 a.m.•3 views

PT-2026-1612

Name of the Vulnerable Software and Affected Versions The Email Customizer for WooCommerce versions up to and including 2.6.7 Description The Email Customizer for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through email template content. Insufficient input...

4.4CVSS5.1AI score0.00006EPSS

Exploits0References5

CNNVD•added 2026/01/07 12:0 a.m.•2 views

WordPress plugin Email Customizer for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

4.4CVSS5.8AI score0.00006EPSS

Exploits0References3

Patchstack•added 2026/01/06 11:24 p.m.•6 views

WordPress Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Email Template Content vulnerability discovered by fallenofalbaz in WordPress Plugin Email Customizer for WooCommerce versions = 2.6.7...

4.4CVSS5.5AI score0.00006EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/01/04 8:22 a.m.•3 views

WordPress Add Polylang support for Customizer plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Add Polylang support for Customizer versions = 1.4.5...

4.3CVSS7AI score0.00026EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/12/19 7:33 a.m.•2 views

CVE-2025-49902

Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page,...

6.5CVSS5.1AI score0.00054EPSS

Exploits0References1

EUVD•added 2025/12/18 9:30 a.m.•2 views

EUVD-2025-204230

Missing Authorization vulnerability in A WP Life Login Page Customizer Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer Customizer Login Page, Admin Page, Custom...

6.5CVSS6.2AI score0.00054EPSS

Exploits0References2

NVD•added 2025/12/18 8:15 a.m.•2 views

CVE-2025-49902

6.5CVSS0.00054EPSS

Exploits0References1

ATTACKERKB•added 2025/12/18 7:21 a.m.•1 views

CVE-2025-49902

6.5CVSS5.1AI score0.00054EPSS

Exploits0References3

Vulnrichment•added 2025/12/18 7:21 a.m.•1 views

CVE-2025-49902 WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability

6.5CVSS6.3AI score0.00054EPSS

Exploits0References1

Cvelist•added 2025/12/18 7:21 a.m.•25 views

CVE-2025-49902 WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability

6.5CVSS0.00054EPSS

Exploits0References1

CVE•added 2025/12/18 7:21 a.m.•7 views

CVE-2025-49902

The CVE-2025-49902 entry concerns the WordPress plugin Login Page Customizer – Customizer Login Page, Admin Page, Custom Design (versions

6.5CVSS5.2AI score0.00054EPSS

Exploits0References1

CNNVD•added 2025/12/18 12:0 a.m.•1 views

WordPress plugin Login Page Customizer – Customizer Login Page, Admin Page, Custom Design 安全漏洞

...

6.5CVSS5.8AI score0.00054EPSS

Exploits0References1

RedhatCVE•added 2025/12/10 2:23 p.m.•3 views

CVE-2025-67599

Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through = 2.1.1...

4.3CVSS7AI score0.00034EPSS

Exploits0References1

RedhatCVE•added 2025/12/10 2:22 p.m.•2 views

CVE-2025-66528

Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through = 1.1.8...

4.3CVSS6.7AI score0.00034EPSS

Exploits0References1

EUVD•added 2025/12/09 6:30 p.m.•2 views

EUVD-2025-202144

6.2AI score0.00034EPSS

Exploits0References2

NVD•added 2025/12/09 4:18 p.m.•3 views

CVE-2025-67599

4.3CVSS0.00034EPSS

Exploits0References1

EUVD•added 2025/12/09 2:14 p.m.•2 views

EUVD-2025-202054