CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3447 matches found

RedhatCVE•added 2025/09/12 7:11 a.m.•2 views

CVE-2025-9367

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.11.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

5.5CVSS5AI score0.00049EPSS

Exploits0References1

RedhatCVE•added 2025/09/11 6:23 a.m.•9 views

CVE-2025-8889

The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

6.5CVSS6.8AI score0.00084EPSS

Exploits2References1

NVD•added 2025/09/10 7:15 a.m.•1 views

CVE-2025-9367

5.5CVSS0.00049EPSS

Exploits0References3

Vulnrichment•added 2025/09/10 6:38 a.m.•1 views

CVE-2025-9367 Welcart e-Commerce <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5CVSS4.7AI score0.00049EPSS

Exploits0References3

Cvelist•added 2025/09/10 6:38 a.m.•6 views

CVE-2025-9367 Welcart e-Commerce <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5CVSS0.00049EPSS

Exploits0References3

Positive Technologies•added 2025/09/10 12:0 a.m.•2 views

PT-2025-37020

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions prior to 2.11.21 Description: The Welcart e-Commerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through settings. Insufficient input sanitization and output escaping...

5.5CVSS5.1AI score0.00049EPSS

Exploits0References6

Tenable Nessus•added 2025/09/10 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2022-2763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to...

4.8CVSS5.9AI score0.0049EPSS

Exploits2References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2022-2628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin ...

4.8CVSS5.9AI score0.00485EPSS

Exploits2References2

NVD•added 2025/09/09 6:15 a.m.•2 views

CVE-2025-9111

The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00082EPSS

Exploits1References1

OSV•added 2025/09/09 6:15 a.m.•1 views

CVE-2025-9111

3.5CVSS5.8AI score0.00082EPSS

Exploits1References1

OSV•added 2025/09/09 6:15 a.m.•3 views

CVE-2025-8889

3.8CVSS5.9AI score

Exploits0References1

NVD•added 2025/09/09 6:15 a.m.•6 views

CVE-2025-8889

3.8CVSS0.00084EPSS

Exploits2References1

Cvelist•added 2025/09/09 6:0 a.m.•4 views

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

0.00082EPSS

Exploits1References1

Vulnrichment•added 2025/09/09 6:0 a.m.•3 views

CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS

4.9AI score0.00082EPSS

Exploits1References1

CVE•added 2025/09/09 6:0 a.m.•9 views

CVE-2025-9111

The CVE-2025-9111 entry applies to the WordPress plugin “AI ChatBot for WordPress” (WPBOT) versions before 7.1.0. The issue is a failure to sufficiently sanitise and escape some settings, which could allow stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...

3.5CVSS4.9AI score0.00082EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2025/09/09 6:0 a.m.•8 views

CVE-2025-8889 Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload

6.5AI score0.00084EPSS

Exploits2References1

Cvelist•added 2025/09/09 6:0 a.m.•8 views

CVE-2025-8889 Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload

0.00084EPSS

Exploits2References1

CVE•added 2025/09/09 6:0 a.m.•12 views

CVE-2025-8889

The CVE-2025-8889 affects the WordPress plugin Compress & Upload (versions prior to 1.0.5). The root cause is inadequate validation of uploaded files, allowing high-privilege users (e.g., admin) to upload arbitrary files on the server (including in multisite setups). Exploitation details indicate...

3.8CVSS6.5AI score0.00084EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2025/09/09 12:0 a.m.•6 views

PT-2025-36576

Name of the Vulnerable Software and Affected Versions: Compress & Upload WordPress plugin versions prior to 1.0.5 Description: The Compress & Upload WordPress plugin does not properly validate uploaded files, allowing high privilege users, such as administrators, to upload arbitrary files to the...

3.8CVSS5.9AI score0.00084EPSS

Exploits2References7

NVD•added 2025/09/03 6:15 a.m.•2 views

CVE-2023-3666

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.3CVSS0.00054EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by