CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

104 matches found

NVD•added 2026/02/18 10:16 a.m.•2 views

CVE-2026-2126

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the uspgetsubmittedcategory function accepting user-submitted category IDs from the POST body...

5.3CVSS0.00032EPSS

Exploits0References4

NVD•added 2026/01/24 8:16 a.m.•3 views

CVE-2025-14797

The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...

5.4CVSS0.00017EPSS

Exploits0References5

ATTACKERKB•added 2026/01/16 8:23 a.m.•3 views

CVE-2026-0913

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

6.4CVSS5.5AI score0.00016EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 9:28 a.m.•5 views

CVE-2023-49180

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2...

5.9CVSS6.6AI score0.00135EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:25 a.m.•5 views

CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...

6.4CVSS5.8AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/12/25 1:23 p.m.•3 views

CVE-2025-68509

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing.This issue affects User Submitted Posts: from n/a through = 20251121...

4.7CVSS6.9AI score0.00128EPSS

Exploits0References1

Cvelist•added 2025/11/13 9:24 a.m.•5 views

CVE-2025-64262 WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through = 3.0.0...

6.5CVSS0.00015EPSS

Exploits0References1

RedhatCVE•added 2025/10/28 2:38 a.m.•4 views

CVE-2025-62905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through = 0.3.2...

6.5CVSS6AI score0.0003EPSS

Exploits0References1

NVD•added 2025/10/27 2:15 a.m.•2 views

CVE-2025-62905

6.5CVSS0.0003EPSS

Exploits0References1

Vulnrichment•added 2025/10/27 1:33 a.m.•1 views

CVE-2025-62905 WordPress Query Posts plugin <= 0.3.2 - Cross Site Scripting (XSS) vulnerability

5.6AI score0.0003EPSS

Exploits0References1

CVE•added 2025/10/15 7:23 a.m.•9 views

CVE-2025-11501

CVE-2025-11501: The WordPress plugin Dynamically Display Posts is vulnerable to SQL Injection via tax_query in all versions up to 1.1 due to insufficient escaping and lack of prepared statements. This allows unauthenticated attackers to append additional SQL to existing queries, enabling potentia...

7.5CVSS6.4AI score0.001EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2013-3194

Malware in sbrugna...

6.8CVSS6.4AI score0.00134EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2016-1992

Malware in sbrugna...

6.1CVSS6.3AI score0.00174EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-9201

Malware in sbrugna...

6.1CVSS6.3AI score0.0019EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2022-52004

Malicious code in bioql PyPI...

7.2CVSS7AI score0.01086EPSS

Exploits2References1

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2023-23659

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00121EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-49365

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.01344EPSS

Exploits0References2

Patchstack•added 2025/09/28 3:16 a.m.•4 views

WordPress Query Posts plugin <= 0.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Query Posts versions = 0.3.2...

5.4CVSS6.1AI score0.0003EPSS

Exploits0Affected Software1

Positive Technologies•added 2025/07/24 12:0 a.m.•1 views

PT-2025-30653 · WordPress · Hiweb Export Posts

Name of the Vulnerable Software and Affected Versions: hiWeb Export Posts plugin for WordPress versions up to and including 0.9.0.0 Description: The hiWeb Export Posts plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

8.1CVSS7.6AI score0.01308EPSS

Exploits0References3

NVD•added 2025/05/23 1:15 p.m.•6 views

CVE-2025-46518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts igit-related-posts-with-thumb-images-after-posts allows Stored XSS.This issue affects IGIT Related Posts With Thumb Image After Posts: fr...

6.5CVSS0.00143EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by