57 matches found

NVD
added 2026/05/29 7:16 a.m. | 13 views

CVE-2025-11993

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVSS 8.8 | EPSS 0.00089
Exploits: 0 | References: 2
Cvelist
added 2026/05/29 5:32 a.m. | 36 views

CVE-2025-11993 WooCommerce Infinite Scroll and Ajax Pagination <= 1.8 - Authenticated (Subscriber+) PHP Object Injection

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVSS 8.8 | EPSS 0.00089
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/29 5:32 a.m. | 7 views

CVE-2025-11993 WooCommerce Infinite Scroll and Ajax Pagination <= 1.8 - Authenticated (Subscriber+) PHP Object Injection

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVSS 8.8 | AI score 6 | EPSS 0.00089
Exploits: 0 | References: 2
EUVD
added 2026/05/29 5:32 a.m. | 14 views

EUVD-2025-209981

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVSS 8.8 | AI score 6 | EPSS 0.00089
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/29 5:32 a.m. | 12 views

CVE-2025-11993

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVSS 8.8 | AI score 6 | EPSS 0.00089
Exploits: 0 | References: 3
CNNVD
added 2026/05/29 12:0 a.m. | 6 views

WordPress plugin WooCommerce Infinite Scroll and Ajax Pagination code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.8 | AI score 6 | EPSS 0.00089
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/29 12:0 a.m. | 8 views

PT-2026-44749

Name of the Vulnerable Software and Affected Versions: WooCommerce Infinite Scroll and Ajax Pagination versions prior to 1.9. Description: The plugin is subject to PHP Object Injection, a condition where untrusted data is deserialized, allowing an attacker to manipulate the application's logic. The...

CVSS 8.8 | AI score 6.2 | EPSS 0.00089
Exploits: 0 | References: 7
Positive Technologies
added 2025/12/24 12:0 a.m. | 3 views

PT-2025-53362

NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack...

CVSS 9.8 | AI score 7.7 | EPSS 0.00029
Exploits: 1 | References: 4
RedhatCVE
added 2025/12/14 5:3 a.m. | 1 view

CVE-2025-14367

The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the etoimportsettings function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 1
EUVD
added 2025/12/13 6:30 p.m. | 2 views

EUVD-2025-203214

The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the etoimportsettings function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00036
Exploits: 0 | References: 4
NVD
added 2025/12/13 4:16 p.m. | 2 views

CVE-2025-14367

The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the etoimportsettings function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.3 | EPSS 0.00036
Exploits: 0 | References: 3
Cvelist
added 2025/12/13 4:31 a.m. | 17 views

CVE-2025-14367 Easy Theme Options <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Import

The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the etoimportsettings function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.3 | EPSS 0.00036
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/13 4:31 a.m. | 1 view

CVE-2025-14367 Easy Theme Options <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Import

The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the etoimportsettings function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.3 | AI score 5.5 | EPSS 0.00036
Exploits: 0 | References: 3
CVE
added 2025/12/13 4:31 a.m. | 9 views

CVE-2025-14367

CVE-2025-14367 affects the WordPress plugin Easy Theme Options (versions up to 1.0). The issue is Missing Authorization in the eto_import_settings function, enabling authenticated attackers with Subscriber-level access and above to import arbitrary plugin settings via the eto_import_settings para...

CVSS 5.3 | AI score 5.5 | EPSS 0.00036
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/13 12:0 a.m. | 2 views

PT-2025-51067

The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the eto import settings function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 5.3 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 3
CNNVD
added 2025/12/13 12:0 a.m. | 1 view

WordPress plugin Easy Theme Options security vulnerability

...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 3:13 a.m. | 2 views

CVE-2023-2497

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to...

CVSS 8.8 | AI score 5.6 | EPSS 0.00177
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:31 p.m. | 3 views

CVE-2021-24378

The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execut...

CVSS 4.8 | AI score 7.1 | EPSS 0.00225
Exploits: 2 | References: 1
OSV
added 2025/05/15 8:15 p.m. | 1 view

CVE-2023-5934

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack...

CVSS 7.3 | AI score 5.8
Exploits: 0 | References: 1
CNNVD
added 2025/03/05 12:0 a.m. | 2 views

WordPress plugin WP Online Contract security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 | AI score 9 | EPSS 0.00256
Exploits: 0 | References: 3