CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-32964

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00393EPSS

Exploits0References3

Cvelist•added 2025/09/06 3:22 a.m.•6 views

CVE-2025-9442 StreamWeasels Kick Integration <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vodsChannel’ parameter in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00066EPSS

Exploits0References4

Vulnrichment•added 2025/09/06 3:22 a.m.•5 views

CVE-2025-9442 StreamWeasels Kick Integration <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter

6.4CVSS4.7AI score0.00066EPSS

Exploits0References4

CVE•added 2025/09/06 3:22 a.m.•15 views

CVE-2025-9442

CVE-2025-9442 : StreamWeasels Kick Integration for WordPress is vulnerable to Stored Cross-Site Scripting via the vodsChannel parameter in all versions up to and including 1.1.5. Exploitation requires authentication at Contributor level or higher, and an injected script runs when a user visits th...

6.4CVSS4.7AI score0.00066EPSS

Exploits0References4

Patchstack•added 2025/09/06 12:10 a.m.•4 views

WordPress StreamWeasels Kick Integration plugin <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via vodsChannel Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin SW Kick Integration versions = 1.1.5...

6.4CVSS5.5AI score0.00066EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/09/06 12:0 a.m.•2 views

WordPress plugin StreamWeasels Kick Integration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS5.7AI score0.00066EPSS

Exploits0References5

RedhatCVE•added 2025/07/31 5:7 a.m.•4 views

CVE-2025-7810

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

5.4CVSS6AI score0.00122EPSS

Exploits0References1

Vulnrichment•added 2025/07/29 3:41 a.m.•1 views

CVE-2025-7810 StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4CVSS5.5AI score0.00122EPSS

Exploits0References3

Positive Technologies•added 2025/07/29 12:0 a.m.•2 views

PT-2025-31162 · WordPress · Streamweasels Kick Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Kick Integration plugin for WordPress versions through 1.1.4 Description: The StreamWeasels Kick Integration plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s data-uuid attribute. Insufficie...

5.4CVSS6AI score0.00122EPSS

Exploits0References9

RedhatCVE•added 2025/06/16 8:26 a.m.•2 views

CVE-2025-5589

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘status-classic-offline-text’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00203EPSS

Exploits0References1

CVE•added 2025/06/14 8:23 a.m.•32 views

CVE-2025-5589

CVE-2025-5589 affects StreamWeasels Kick Integration for WordPress; all versions up to 1.1.3 are vulnerable to Stored XSS via the status-classic-offline-text parameter due to insufficient input sanitization and output escaping. Exploitation requires Contributor+ authenticated access; successful a...

6.4CVSS5.7AI score0.00203EPSS

Exploits0References4

Vulnrichment•added 2025/06/14 8:23 a.m.•1 views

CVE-2025-5589 StreamWeasels Kick Integration <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via status-classic-offline-text Parameter

6.4CVSS5.7AI score0.00203EPSS

Exploits0References4

Cvelist•added 2025/06/14 8:23 a.m.•10 views

CVE-2025-5589 StreamWeasels Kick Integration <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via status-classic-offline-text Parameter

6.4CVSS0.00203EPSS

Exploits0References4

CNNVD•added 2025/06/14 12:0 a.m.•1 views

WordPress plugin StreamWeasels Kick Integration 跨站脚本漏洞

6.4CVSS5.7AI score0.00203EPSS

Exploits0References2

Positive Technologies•added 2025/06/14 12:0 a.m.•1 views

PT-2025-25475 · WordPress · Streamweasels Kick Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Kick Integration plugin for WordPress versions up to, and including, 1.1.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS5.6AI score0.00203EPSS

Exploits0References8

RedhatCVE•added 2025/05/23 8:19 a.m.•1 views

CVE-2024-10184

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5AI score0.00393EPSS

Exploits0References1

CVE•added 2024/10/29 11:1 a.m.•40 views

CVE-2024-10184

CVE-2024-10184 affects StreamWeasels Kick Integration plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the sw-kick-embed shortcode, occurring in all versions up to 1.1.1 due to insufficient input sanitization and output escaping on user-supplied attributes. Explo...

6.4CVSS5.7AI score0.00393EPSS

Exploits0References3

Cvelist•added 2024/10/29 11:1 a.m.•10 views

CVE-2024-10184 SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode

6.4CVSS0.00393EPSS

Exploits0References3

Patchstack•added 2024/10/29 5:12 a.m.•1 views

WordPress SW Kick Integration plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SW Kick Integration versions = 1.1.1...

6.4CVSS5.8AI score0.00393EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/29 12:0 a.m.•6 views

WordPress SW Kick Integration Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software SW Kick Integration Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10184 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0ac845fe096 Credits Peter Thaleikis...

6.4CVSS5.7AI score0.00393EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by