CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/03/03 2:15 p.m.•3 views

CVE-2025-23437

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nordtramper ntp-header-images header-images-rotator allows Reflected XSS.This issue affects ntp-header-images: from n/a through = 1.2...

7.1CVSS0.00276EPSS

CVE•added 2025/03/03 1:30 p.m.•128 views

CVE-2025-26970

CVE-2025-26970 : WordPress Ark Theme Core (ark-core)

10CVSS7.2AI score0.00626EPSS

Exploits0References1Affected Software1

CVE•added 2025/03/03 1:30 p.m.•57 views

CVE-2025-27279

CVE-2025-27279 is a Reflected XSS in the WordPress Flashfader plugin (affected: NotFound Flashfader; versions up to and including 1.1.1). It arises from improper input neutralization during web page generation, enabling reflected cross-site scripting. Public records in the connected documents ide...

7.1CVSS7.2AI score0.00224EPSS

CVE•added 2025/03/03 1:30 p.m.•59 views

CVE-2025-27269

CVE-2025-27269 relates to the WordPress plugin “.htaccess Login block” (vulnerable:

7.1CVSS7.2AI score0.00294EPSS

CVE•added 2025/03/03 1:30 p.m.•60 views

CVE-2025-27274

CVE-2025-27274: WordPress GPX Viewer (NotFound GPX Viewer) is affected up to version 2.2.11 by a path traversal vulnerability. Root cause is a path traversal flaw in the GPX Viewer component. Remediation: update to GPX Viewer 2.2.11 or later (patched). Exploitation details are not provided in the...

4.9CVSS7.2AI score0.00473EPSS

Exploits0References1Affected Software1

CVE•added 2025/03/03 1:30 p.m.•57 views

CVE-2025-27271

CVE-2025-27271 is a Reflected XSS in the WordPress plugin “DB Tables Import/Export” affecting version range from n/a through 1.0.1. The description identifies improper input neutralization during web page generation as the root cause. Multiple connected sources corroborate the same vulnerability ...

7.1CVSS7.2AI score0.00224EPSS

CVE•added 2025/03/03 1:30 p.m.•57 views

CVE-2025-26588

CVE-2025-26588 describes a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin TTT Crop . The Initial Description specifies a Reflected XSS affecting “NotFound TTT Crop” from n/a through 1.0. Connected documents corroborate the issue as a Reflected Cross Site Scripting vuln...

7.1CVSS7.2AI score0.00294EPSS

CVE•added 2025/03/03 1:30 p.m.•61 views

CVE-2025-27263

CVE-2025-27263 covers a SQL Injection in WordPress plugin Doctor Appointment Booking (NotFound Doctor Appointment Booking). Affected: Doctor Appointment Booking versions n/a through 1.0.0. Root cause: improper neutralization of input in SQL commands. Impact: confidentiality impact High (as per CV...

8.5CVSS7.3AI score0.00424EPSS

CVE•added 2025/03/03 1:30 p.m.•59 views

CVE-2025-26589

CVE-2025-26589 concerns the WordPress plugin IE CSS3 Support (

7.1CVSS7.2AI score0.00294EPSS

CVE•added 2025/03/03 1:30 p.m.•62 views

CVE-2025-26585

CVE-2025-26585 — WordPress plugin DL Leadback is affected by a Reflected Cross-Site Scripting (XSS) vulnerability in versions up to 1.2.1 due to improper input neutralization during web page generation. Public sources (NVD/Red Hat/CVE listings) describe the flaw as DL Leadback: notcapped escalati...

CVE•added 2025/03/03 1:30 p.m.•60 views

CVE-2025-26587

CVE-2025-26587 is a Reflected Cross-Site Scripting vulnerability in WordPress sidebarTabs

CVE•added 2025/03/03 1:30 p.m.•58 views

CVE-2025-26540

CVE-2025-26540 corresponds to a path traversal vulnerability in the WordPress Helloprint plugin. The affected component is the Helloprint plugin for WordPress, with versions n/a through 2.0.7. Root cause: improper limitation of a pathname to a restricted directory, enabling traversal to access or...

7.7CVSS7.2AI score0.00668EPSS

CVE•added 2025/03/03 1:30 p.m.•49 views

CVE-2025-26586

CVE-2025-26586 corresponds to a WordPress plugin issue: WordPress Events Planner

CVE•added 2025/03/03 1:30 p.m.•56 views

CVE-2025-26563

CVE-2025-26563 is described as a Reflected XSS in the WordPress Mobile/NotFound (NotFound Mobile) plugin, with the NotFound Mobile variant affected up to version 1.3.3. The CVE entry cites an improper input handling during web page generation as the root cause, enabling cross-site scripting. The ...

Cvelist•added 2025/03/03 1:30 p.m.•18 views

CVE-2025-26563 WordPress Rocket Mobile Plugin <= 0.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Muneeb Mobile rocket-wp-mobile allows Reflected XSS.This issue affects Mobile: from n/a through = 1.3.3...

7.1CVSS0.00363EPSS

Vulnrichment•added 2025/03/03 1:30 p.m.•6 views

CVE-2025-25169 WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.This issue affects Authors Autocomplete Meta Box: from n/a through = 1.2...

CVE•added 2025/03/03 1:30 p.m.•43 views

CVE-2025-25164

CVE-2025-25164 affects WordPress Meta Accelerator plugin versions up to 1.0.4, where Reflected XSS arises from improper input neutralization during web page generation. Root cause: improper neutralization of user input leads to reflected cross-site scripting. Impact: XSS could affect pages render...

CVE•added 2025/03/03 1:30 p.m.•44 views

CVE-2025-25165

CVE-2025-25165 affects WordPress Staff Directory Plugin: Company Directory (versions up to 4.3). Vulnerability: Stored XSS due to improper neutralization of input during web page generation. Impact/conditions: the issue is a cross-site scripting vulnerability described in multiple sources; the CV...

CVE•added 2025/03/03 1:30 p.m.•45 views

CVE-2025-25170

CVE-2025-25170 affects the WordPress Migrate Posts plugin (versions