CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/01/21 7:13 a.m.•5 views

WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability

WordPress Nexter Extension - Site Enhancements Toolkit plugin = 4.4.6 - Unauthenticated PHP Object Injection via 'nxtunserializereplace' vulnerability discovered by Webbernaut in WordPress Plugin Nexter Extension versions = 4.4.6...

8.1CVSS5.5AI score0.00261EPSS

Exploits0References1Affected Software1

NVD•added 2026/01/20 3:20 p.m.•3 views

CVE-2026-0726

8.1CVSS0.00261EPSS

ATTACKERKB•added 2026/01/20 2:26 p.m.•2 views

CVE-2026-0726

8.1CVSS6AI score0.00261EPSS

Exploits0References3

Vulnrichment•added 2026/01/20 2:26 p.m.•3 views

CVE-2026-0726 Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'

8.1CVSS6.2AI score0.00261EPSS

CVE•added 2026/01/20 2:26 p.m.•26 views

CVE-2026-0726

CVE-2026-0726 (Nexter Extension – Site Enhancements Toolkit, WordPress) is a PHP Object Injection vulnerability in the Nexter Extension plugin, affecting all versions up to and including 4.4.6, via deserialization in nxt_unserialize_replace. An unauthenticated attacker can inject a PHP Object if ...

8.1CVSS6.2AI score0.00261EPSS

Cvelist•added 2026/01/20 2:26 p.m.•12 views

CVE-2026-0726 Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'

8.1CVSS0.00261EPSS

CNNVD•added 2026/01/20 12:0 a.m.•2 views

WordPress plugin Nexter Extension – Site Enhancements Toolkit code issues and vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS6AI score0.00261EPSS

RedhatCVE•added 2026/01/09 8:58 a.m.•3 views

CVE-2023-45751

Improper Control of Generation of Code 'Code Injection' vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3...

9.1CVSS7.6AI score0.00483EPSS

RedhatCVE•added 2026/01/09 8:58 a.m.•5 views

CVE-2023-45750

Unauth. Reflected Cross-Site Scripting XSS vulnerability in POSIMYTH Nexter Extension plugin = 2.0.3 versions...

7.1CVSS5.9AI score0.00193EPSS

RedhatCVE•added 2025/12/03 2:2 p.m.•3 views

CVE-2025-13731

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00037EPSS

Patchstack•added 2025/12/02 8:25 p.m.•9 views

WordPress Nexter Extension plugin <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Nexter Extension versions = 4.4.1...

6.4CVSS5.6AI score0.00037EPSS

Exploits0References1Affected Software1

EUVD•added 2025/12/02 3:30 p.m.•2 views

EUVD-2025-200241

6.4CVSS4.5AI score0.00037EPSS

Exploits0References5

NVD•added 2025/12/02 2:16 p.m.•3 views

CVE-2025-13731

6.4CVSS0.00037EPSS

Cvelist•added 2025/12/02 1:53 p.m.•5 views

CVE-2025-13731 Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00037EPSS

CVE•added 2025/12/02 1:53 p.m.•10 views

CVE-2025-13731

CVE-2025-13731 impacts the Nexter Extension – Site Enhancements Toolkit for WordPress. The issue is a Stored Cross-Site Scripting vulnerability in the nxt-year shortcode caused by insufficient input sanitization and output escaping, affecting versions up to 4.4.1. Exploitation requires authentica...

6.4CVSS4.7AI score0.00037EPSS

Vulnrichment•added 2025/12/02 1:53 p.m.•2 views

CVE-2025-13731 Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.6AI score0.00037EPSS

CNNVD•added 2025/12/02 12:0 a.m.•3 views

WordPress plugin Nexter Extension – Site Enhancements Toolkit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...

6.4CVSS5.6AI score0.00037EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-50040

Malicious code in bioql PyPI...

9.1CVSS7.7AI score0.00483EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-50039

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00193EPSS