CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

56 matches found

CVE-2025-12714

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00057EPSS

Exploits0References7

EUVD•added 5 days ago•4 views

EUVD-2025-209984

5.3CVSS5.8AI score0.00057EPSS

Exploits0References6

Positive Technologies•added 5 days ago•3 views

PT-2026-44796

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update site editor homepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00057EPSS

Exploits0References7

CNNVD•added 5 days ago•3 views

WordPress plugin Rank Math SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00057EPSS

Exploits0References6

EUVD•added 2026/04/16 8:44 p.m.•3 views

EUVD-2026-23106

Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS...

8.7CVSS5.8AI score0.00037EPSS

Exploits1References3

OSV•added 2026/04/16 8:44 p.m.•2 views

GHSA-855C-R2VQ-C292 Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

Summary A stored cross-site scripting XSS vulnerability exists in SEO-related fields SEO Title and Meta Description in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...

8.7CVSS5.9AI score0.00037EPSS

Exploits1References5

Snyk•added 2026/04/15 9:26 p.m.•4 views

Cross-site Scripting (XSS)

Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...

8.7CVSS5.5AI score0.00037EPSS

Exploits1References2

NVD•added 2026/04/15 8:16 p.m.•2 views

CVE-2026-35569

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...

8.7CVSS0.00037EPSS

Exploits1References3

Positive Technologies•added 2026/04/15 12:0 a.m.•3 views

PT-2026-33172

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description A stored cross-site scripting issue exists in SEO-related fields, specifically the SEO Title and Meta Description. User-controlled input is rendered without proper output encoding into HTML...

8.7CVSS5.8AI score0.00037EPSS

Exploits1References8

EUVD•added 2026/04/08 9:32 p.m.•1 views

EUVD-2024-27739

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...

5.3CVSS5.9AI score0.00748EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 12:40 p.m.•5 views

CVE-2023-43344

Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component...

5.4CVSS6.2AI score0.00389EPSS

Exploits1References1

RedhatCVE•added 2025/10/28 2:38 a.m.•1 views

CVE-2025-62928

Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through = 1.2.0...

4.3CVSS7AI score0.00056EPSS

Exploits0References1

NVD•added 2025/10/27 2:15 a.m.•1 views

CVE-2025-62928

4.3CVSS0.00056EPSS

Exploits0References1

CVE•added 2025/10/27 1:34 a.m.•7 views

CVE-2025-62928

CVE-2025-62928 relates to a Missing Authorization issue in WordPress plugin SEO Meta Description Updater (versions n/a to 1.2.0). The vulnerability is described as Broken Access Control allowing exploitation due to incorrectly configured access levels. Public sources in the Connected documents (N...

4.3CVSS6.6AI score0.00056EPSS

Exploits0References1

Vulnrichment•added 2025/10/27 1:34 a.m.•1 views

CVE-2025-62928 WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability

4.3CVSS6.6AI score0.00056EPSS

Exploits0References1

CNNVD•added 2025/10/27 12:0 a.m.•2 views

WordPress plugin SEO Meta Description Updater Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS5.8AI score0.00056EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-0910

Malware in sbrugna...

5CVSS6.3AI score0.0169EPSS

Exploits0References4