CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2026/01/15 6:21 a.m.•2 views

CVE-2025-13627

The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweatclubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce...

4.4CVSS5AI score0.00061EPSS

Exploits0References1

NVD•added 2026/01/14 6:15 a.m.•1 views

CVE-2025-13627

4.4CVSS0.00061EPSS

Exploits0References6

Vulnrichment•added 2026/01/14 5:28 a.m.•1 views

CVE-2025-13627 Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting

4.4CVSS4.7AI score0.00061EPSS

Exploits0References6

CVE•added 2026/01/14 5:28 a.m.•9 views

CVE-2025-13627

CVE-2025-13627 affects the WordPress plugin Makesweat (versions

4.4CVSS4.7AI score0.00061EPSS

Exploits0References6

Cvelist•added 2026/01/14 5:28 a.m.•24 views

CVE-2025-13627 Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting

4.4CVSS0.00061EPSS

Exploits0References6

Positive Technologies•added 2026/01/14 12:0 a.m.•1 views

PT-2026-2808

The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00061EPSS

Exploits0References7

CNNVD•added 2026/01/14 12:0 a.m.•2 views

WordPress plugin Makesweat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

4.4CVSS6.1AI score0.00061EPSS

Exploits0References6

Patchstack•added 2026/01/13 10:28 p.m.•3 views

WordPress Makesweat plugin <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'makesweatclubid' Setting vulnerability discovered by ChamlaVic in WordPress Plugin Makesweat versions = 0.1...

4.4CVSS5.8AI score0.00061EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by