4382 matches found
CVE-2025-26904 WordPress WP Responsive Auto Fit Text plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in galop WP Responsive Auto Fit Text wp-responsive-slab-text allows DOM-Based XSS. This issue affects WP Responsive Auto Fit Text: from n/a through <= 0.2...
CVE-2025-26913
CVE-2025-26913 – AR for WordPress plugin is affected. The Wordfence vulnerability details (with the CVE linked) indicate an authenticated, stored cross-site scripting (XSS) vulnerability in AR for WordPress, affecting versions up to 7.7 in the WordPress plugin. The root cause is described as insu...
CVE-2025-26913 WordPress AR for WordPress plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webandprint AR For WordPress ar-for-wordpress allows DOM-Based XSS. This issue affects AR For WordPress: from n/a through <= 7.7...
CVE-2025-26904
CVE-2025-26904 concerns the WordPress plugin WP Responsive Auto Fit Text. According to Wordfence vulnerability data, this entry represents an authenticated, stored cross-site scripting (XSS) vulnerability in WP Responsive Auto Fit Text versions up to 0.2, exploitable via the npc shortcode. The im...
CVE-2025-26893 WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kiran Potphode Easy Charts easy-charts allows DOM-Based XSS. This issue affects Easy Charts: from n/a through <= 1.2.3...
CVE-2025-26897 WordPress List Related Attachments plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Baden List Related Attachments list-related-attachments-widget allows DOM-Based XSS. This issue affects List Related Attachments: from n/a through <= 2.1.6...
CVE-2025-26897
CVE-2025-26897 concerns a Cross-Site Scripting (DOM-based) vulnerability in the WordPress plugin List Related Attachments (vulnerable through 2.1.6). The issue stems from improper input neutralization during web page generation, enabling DOM‑based XSS when processing related attachments. Accordin...
CVE-2025-26893
CVE-2025-26893 (Easy Charts, WordPress): A DOM-based XSS in Easy Charts up to version 1.2.3. Root cause: improper neutralization of input during web page generation. Impact: authenticated attackers could inject script via the affected chart rendering path. Remediation: upgrade to the patched ver...
CVE-2025-26878 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products autoship-cloud allows DOM-Based XSS. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through...
CVE-2025-26878
CVE-2025-26878 is an authenticated (Contributor+) stored DOM-based XSS vulnerability in Autoship Cloud for WooCommerce Subscription Products, affecting versions up to 2.8.0.1. Technical details confirm a cross-site scripting issue triggered via input during web page generation. The connected docu...
CVE-2025-27145
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execu...
CVE-2025-27145 copyparty renders unsanitized filenames as HTML when user uploads empty files
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execu...
WordPress plugin Easy Charts cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin WP Responsive Auto Fit Text cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
PT-2025-7848 · WordPress · Ar For Wordpress
Name of the Vulnerable Software and Affected Versions: AR For WordPress versions n/a through 7.7 Description: The issue affects the webandprint AR For WordPress plugin, allowing for DOM-Based XSS due to improper neutralization of input during web page generation. This can lead to Cross-site...
PT-2025-7841 · Unknown · Baden List Related Attachments
Name of the Vulnerable Software and Affected Versions: Baden List Related Attachments versions n/a through 2.1.6 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability, specifically DOM-Based XSS...
CVE-2025-26973
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WarfarePlugins Social Warfare social-warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through <= 4.5.5...