CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

RedhatCVE•added 2026/01/09 11:12 a.m.•5 views

CVE-2016-10959

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...

6.5CVSS7.1AI score0.00423EPSS

Exploits1References1

Vulnrichment•added 2025/10/27 1:34 a.m.•1 views

CVE-2025-62963 WordPress Estatik plugin <= 4.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through = 4.3.1...

6.5CVSS5.2AI score0.0003EPSS

Exploits0References1

CVE•added 2025/10/27 1:34 a.m.•5 views

CVE-2025-62963

CVE-2025-62963 describes a DOM-based Cross-Site Scripting flaw in the WordPress plugin Estatik (Estatik Real Estate Plugin) due to improper input neutralization during web page generation. The initial record states impact on Estatik versions up to 4.1.13 (and connected sources indicate a broader ...

6.5CVSS5.8AI score0.0003EPSS

Exploits0References1

CNNVD•added 2025/10/27 12:0 a.m.•1 views

WordPress plugin Estatik 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

6.5CVSS6AI score0.0003EPSS

Exploits0References1

Patchstack•added 2025/10/16 3:1 p.m.•2 views

WordPress Estatik plugin <= 4.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Estatik versions = 4.3.0...

6.5CVSS5.2AI score0.0003EPSS

Exploits0Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-1949

Malware in sbrugna...

7.5CVSS7.5AI score0.00589EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 4:57 a.m.•8 views

CVE-2023-6050

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00108EPSS

Exploits2

RedhatCVE•added 2025/05/22 4:24 a.m.•3 views

CVE-2016-10958

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via esmediaimages to wp-admin/admin-ajax.php...

7.5CVSS7.3AI score0.00589EPSS

Exploits1References1

Cvelist•added 2025/02/25 2:17 p.m.•18 views

CVE-2025-26905 WordPress Estatik plugin <= 4.3.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through = 4.3.0...

7.5CVSS0.00626EPSS

Exploits0References1

Vulnrichment•added 2025/02/25 2:17 p.m.•11 views

CVE-2025-26905 WordPress Estatik plugin <= 4.3.0 - Local File Inclusion vulnerability

7.5CVSS8.6AI score0.00626EPSS

Exploits0References1

CNNVD•added 2025/02/25 12:0 a.m.•1 views

WordPress plugin Estatik 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.5CVSS8.6AI score0.00626EPSS

Exploits0References3

Positive Technologies•added 2024/01/15 12:0 a.m.•2 views

PT-2024-14864 · WordPress · Estatik Real Estate Plugin

Name of the Vulnerable Software and Affected Versions: Estatik Real Estate Plugin WordPress plugin versions prior to 4.1.1 Description: The issue allows unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog, due to the plugin unserializing user...

9.8CVSS9.6AI score0.0082EPSS

Exploits2References6

Positive Technologies•added 2024/01/15 12:0 a.m.•3 views

PT-2024-14865 · WordPress · Estatik Real Estate Plugin

Name of the Vulnerable Software and Affected Versions: Estatik Real Estate Plugin WordPress plugin versions prior to 4.1.1 Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly sanitise and escape various parameters and generated UR...

6.1CVSS6AI score0.00108EPSS

Exploits2References6

NVD•added 2023/09/27 3:18 p.m.•15 views

CVE-2023-28490

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Estatik Estatik Mortgage Calculator plugin = 2.0.7 versions...

7.1CVSS6.2AI score0.00175EPSS

Exploits0References1

Vulnrichment•added 2023/09/27 5:5 a.m.•11 views

CVE-2023-28490 WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Estatik Estatik Mortgage Calculator plugin = 2.0.7 versions...

7.1CVSS5.8AI score0.00175EPSS

Exploits0References1

Cvelist•added 2023/09/06 8:45 a.m.•22 views

CVE-2023-40601 WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Estatik Estatik Mortgage Calculator plugin = 2.0.7 versions...

7.1CVSS6.3AI score0.00208EPSS

Exploits0References1

Vulnrichment•added 2023/09/06 8:45 a.m.•10 views

CVE-2023-40601 WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Estatik Estatik Mortgage Calculator plugin = 2.0.7 versions...

7.1CVSS5.9AI score0.00208EPSS

Exploits0References1

NVD•added 2019/09/16 1:15 p.m.•8 views

CVE-2016-10958

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via esmediaimages to wp-admin/admin-ajax.php...

7.5CVSS7.8AI score0.00589EPSS

Exploits1References3

OSV•added 2019/09/16 1:15 p.m.•0 views

CVE-2016-10959

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...

6.5CVSS5.9AI score0.00423EPSS

Exploits1References2