CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1276 matches found

Cvelist•added 2025/09/22 6:25 p.m.•11 views

CVE-2025-59585 WordPress Penci Recipe Plugin <= 4.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through = 4.0...

6.5CVSS0.00159EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:25 p.m.•1 views

CVE-2025-59586 WordPress Penci Portfolio Plugin <= 3.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Portfolio allows DOM-Based XSS. This issue affects Penci Portfolio: from n/a through 3.5...

6.5CVSS6AI score0.00159EPSS

Exploits0References1

Cvelist•added 2025/09/22 6:25 p.m.•18 views

CVE-2025-59589 WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through = 8.6.8...

6.5CVSS0.00159EPSS

Exploits0References1

CVE•added 2025/09/22 6:24 p.m.•18 views

CVE-2025-57954

CVE-2025-57954 is a valid cross-site scripting vulnerability in Poll Maker (WordPress plugin) that is DOM-based/XSS. Connected docs confirm affected software and technical details: Poll Maker versions up to 6.0.2 are vulnerable to a Stored Cross-Site Scripting (Authenticated) via input handling d...

6.5CVSS5.9AI score0.00285EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:24 p.m.•2 views

CVE-2025-57953 WordPress Open User Map Plugin <= 1.4.14 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 100plugins Open User Map open-user-map allows DOM-Based XSS.This issue affects Open User Map: from n/a through = 1.4.14...

6.5CVSS5.2AI score0.00285EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:24 p.m.•3 views

CVE-2025-58002 WordPress GD bbPress Tools Plugin <= 3.5.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD bbPress Tools gd-bbpress-tools allows DOM-Based XSS.This issue affects GD bbPress Tools: from n/a through = 3.5.3...

6.5CVSS5.2AI score0.0019EPSS

Exploits0References1

CVE•added 2025/09/22 6:24 p.m.•13 views

CVE-2025-58002

CVE-2025-58002 affects GD bbPress Tools for WordPress (WordPress plugin). The issue is DOM-based XSS caused by improper input neutralization during web page generation, enabling cross-site scripting. Affected versions are from n/a up to 3.5.3. The CVSSv3.1 base score is 6.5 (Medium) with network ...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:23 p.m.•4 views

CVE-2025-58651 WordPress PlayerJS Plugin <= 2.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS.This issue affects PlayerJS: from n/a through = 2.24...

6.5CVSS5.9AI score0.00196EPSS

Exploits0References1

Positive Technologies•added 2025/09/22 12:0 a.m.•6 views

PT-2025-38909

Name of the Vulnerable Software and Affected Versions bestweblayout Portfolio versions through 2.58 Description The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-Site Scripting XSS issue. This allows for potential malicious co...

5.9CVSS6.4AI score0.0021EPSS

Exploits0References3

CNNVD•added 2025/09/22 12:0 a.m.•1 views

WordPress plugin Bg Church Memos 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References2

Positive Technologies•added 2025/09/22 12:0 a.m.•2 views

PT-2025-38804

Name of the Vulnerable Software and Affected Versions Ays Pro Poll Maker versions through 6.0.1 Description Ays Pro Poll Maker is susceptible to a DOM-Based Cross-site Scripting issue due to improper input neutralization during web page generation. This allows for the injection of malicious scrip...

6.5CVSS6.8AI score0.00285EPSS

Exploits0References3

CNNVD•added 2025/09/22 12:0 a.m.•2 views

WordPress plugin Directory Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.5CVSS5.9AI score0.0025EPSS

Exploits0References1

CNNVD•added 2025/09/22 12:0 a.m.•2 views

WordPress plugin Penci Shortcodes & Performance 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which has the ability to host personal blog sites on PHP and MySQL based servers.WordPres...

6.5CVSS5.9AI score0.00159EPSS

Exploits0References1

Positive Technologies•added 2025/09/22 12:0 a.m.•6 views

PT-2025-39037

Name of the Vulnerable Software and Affected Versions Coderz Studio Custom iFrame for Elementor versions through 1.0.13 Description An issue exists in Coderz Studio Custom iFrame for Elementor that allows for DOM-Based Cross-site Scripting XSS. The issue is due to improper neutralization of input...

6.5CVSS6.2AI score0.0019EPSS

Exploits0References4

Positive Technologies•added 2025/09/22 12:0 a.m.•4 views

PT-2025-39055

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Recipe versions through 4.0 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the potential execution ...

6.5CVSS6.5AI score0.00159EPSS

Exploits0References3

CNNVD•added 2025/09/15 12:0 a.m.•3 views

drawnix 跨站脚本漏洞

drawnix is a whiteboard tool from plait-board open source. A cross-site scripting vulnerability exists in drawnix 0.2.1 and earlier versions, which stems from not cleaning up user input and inserting it directly into the DOM via innerHTML, which may lead to cross-site scripting attacks...

5.3CVSS6AI score0.00429EPSS

Exploits0References2

RedhatCVE•added 2025/09/07 2:33 p.m.•3 views

CVE-2025-58834

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gugu short.io wp-shortcm allows DOM-Based XSS.This issue affects short.io: from n/a through = 2.4.2...

6.5CVSS5.9AI score0.00202EPSS

Exploits0References1

RedhatCVE•added 2025/09/05 3:22 p.m.•2 views

CVE-2025-58618

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Jernigan Pie Calendar pie-calendar allows DOM-Based XSS.This issue affects Pie Calendar: from n/a through = 1.2.8...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

RedhatCVE•added 2025/09/05 3:22 p.m.•2 views

CVE-2025-58623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bohemia Plugins Event Feed for Eventbrite event-feed-for-eventbrite allows DOM-Based XSS.This issue affects Event Feed for Eventbrite: from n/a through = 1.3.2...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

NVD•added 2025/09/05 2:15 p.m.•2 views

CVE-2025-58834

6.5CVSS0.00202EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by