
3941 matches found

NVD
added 2025/12/09 4:17 p.m. | 2 views

CVE-2025-13071

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS | 0.00186 EPSS
Exploits 0 | References 1
Cvelist
added 2025/12/09 2:52 p.m. | 28 views

CVE-2025-63069 WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ivory Search: from n/a through <= 5.5.12...

5.3 CVSS | 0.00289 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/12/09 2:52 p.m. | 2 views

CVE-2025-63069 WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ivory Search: from n/a through <= 5.5.12...

5.3 CVSS | 6.6 AI score | 0.00289 EPSS
Exploits 0 | References 1
CVE
added 2025/12/09 2:52 p.m. | 19 views

CVE-2025-63069

Summary of CVE-2025-63069: A missing authorization vulnerability in the WordPress plugin Ivory Search (add-search-to-menu) enables broken access control on Ivory Search versions up to and including 5.5.12. The public CVE set documents this as a WordPress plugin issue with a CVSS v3.1 base score ...

5.3 CVSS | 6.6 AI score | 0.00289 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/12/09 12:29 p.m. | 2 views

CVE-2025-14244

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely...

4.8 CVSS | 5.6 AI score | 0.00223 EPSS
Exploits 1 | References 1
Cvelist
added 2025/12/09 6:0 a.m. | 29 views

CVE-2025-13071 Custom Admin Menu <= 1.0.0 - Reflected XSS

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00186 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/12/09 6:0 a.m. | 2 views

CVE-2025-13071 Custom Admin Menu <= 1.0.0 - Reflected XSS

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.7 AI score | 0.00186 EPSS
Exploits 0 | References 1
CVE
added 2025/12/09 6:0 a.m. | 15 views

CVE-2025-13071

CVE-2025-13071 affects the WordPress plugin “Custom Admin Menu” up to version 1.0.0. The issue is a reflected Cross-Site Scripting (XSS) where a parameter is echoed back without proper sanitisation/escaping, enabling an attacker to inject scripts that could run in the context of an admin user’s s...

7.1 CVSS | 5.7 AI score | 0.00186 EPSS
Exploits 0 | References 1
CNNVD
added 2025/12/09 12:0 a.m. | 1 views

WordPress plugin Custom Admin Menu security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

7.1 CVSS | 5.8 AI score | 0.00186 EPSS
Exploits 0 | References 1
CNNVD
added 2025/12/09 12:0 a.m. | 2 views

WeGIA cross-site scripting vulnerability

WeGIA is a web manager for benefit organizations by Nilson Lazarin Individual Developer. A cross-site scripting vulnerability exists in WeGIA 3.5.4 and prior versions, which stems from improper user control data cleanup in the Employee Selection drop-down menu and could lead to a stored cross-sit...

5.4 CVSS | 5.9 AI score | 0.00205 EPSS
Exploits 1 | References 4
Positive Technologies
added 2025/12/09 12:0 a.m. | 2 views

PT-2025-49803

Name of the Vulnerable Software and Affected Versions: Custom Admin Menu WordPress plugin versions through 1.0.0. Description: The plugin does not properly sanitise and escape a parameter before displaying it on a page, which can lead to a Reflected Cross-Site Scripting issue. This could potentially...

7.1 CVSS | 5.7 AI score | 0.00186 EPSS
Exploits 0 | References 7
NVD
added 2025/12/08 12:16 p.m. | 4 views

CVE-2025-14244

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely...

4.8 CVSS | 0.00223 EPSS
Exploits 1 | References 4
OSV
added 2025/12/08 12:16 p.m. | 1 views

CVE-2025-14244

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely...

4.8 CVSS | 5.7 AI score
Exploits 0 | References 4
Cvelist
added 2025/12/08 12:2 p.m. | 19 views

CVE-2025-14244 GreenCMS Menu Management CustomController.class.php cross site scripting

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely...

4.8 CVSS | 0.00223 EPSS
Exploits 1 | References 4
Vulnrichment
added 2025/12/08 12:2 p.m. | 2 views

CVE-2025-14244 GreenCMS Menu Management CustomController.class.php cross site scripting

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely...

4.8 CVSS | 5.4 AI score | 0.00223 EPSS
Exploits 1 | References 4
EUVD
added 2025/12/08 12:2 p.m. | 3 views

EUVD-2025-201704

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely...

4.8 CVSS | 5.2 AI score | 0.00223 EPSS
Exploits 1 | References 5
CVE
added 2025/12/08 12:2 p.m. | 11 views

CVE-2025-14244

GreenCMS 2.3.0603 contains a cross-site scripting flaw in the Menu Management Page, due to improper handling of the Link parameter in /Admin/Controller/CustomController.class.php. The vulnerability can be triggered remotely, and exploits have been published. The issue affects products no longer m...

4.8 CVSS | 5.4 AI score | 0.00223 EPSS
Exploits 1 | References 4 | Affected Software 1
RedhatCVE
added 2025/12/06 5:54 p.m. | 7 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.4 CVSS | 5.4 AI score | 0.00175 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/12/05 5:17 p.m. | 3 views

CVE-2025-34266 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via plugin-config/addins/menus

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.1 CVSS | 5 AI score | 0.00175 EPSS
Exploits 0 | References 3
CVE
added 2025/12/05 5:17 p.m. | 8 views

CVE-2025-34266

Advantech WISE-DeviceOn Server versions prior to 5.4 are affected by a stored XSS in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds/edits an AddIns menu entry, the label and path are stored in plugin configuration data and later rendered in the AddIns UI without ...

5.4 CVSS | 5 AI score | 0.00175 EPSS
Exploits 0 | References 3 | Affected Software 1