Lucene search
6239 matches found

NVD
added 2025/02/25 3:15 p.m. | 6 views

CVE-2025-26962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS. This issue affects Easy Contact Form Lite: from n/a through = 1.1.25...

CVSS 6.5 | EPSS 0.00231
Exploits: 0 | References: 1

NVD
added 2025/02/25 3:15 p.m. | 3 views

CVE-2025-26896

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vpiwigo PiwigoPress piwigopress allows Stored XSS. This issue affects PiwigoPress: from n/a through = 2.33...

CVSS 6.5 | EPSS 0.00231
Exploits: 0 | References: 1

Cvelist
added 2025/02/25 2:17 p.m. | 12 views

CVE-2025-26949 WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Team Section Block team-section allows Stored XSS. This issue affects Team Section Block: from n/a through = 1.0.9...

CVSS 6.5 | EPSS 0.00237
Exploits: 0 | References: 1

Cvelist
added 2025/02/25 2:17 p.m. | 12 views

CVE-2025-26893 WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kiran Potphode Easy Charts easy-charts allows DOM-Based XSS. This issue affects Easy Charts: from n/a through = 1.2.3...

CVSS 6.5 | EPSS 0.00231
Exploits: 0 | References: 1

Cvelist
added 2025/02/25 2:17 p.m. | 16 views

CVE-2025-26881 WordPress Sticky Content plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Sticky Content sticky-menu-block allows Stored XSS. This issue affects Sticky Content: from n/a through = 1.0.1...

CVSS 6.5 | EPSS 0.00237
Exploits: 0 | References: 1

Cvelist
added 2025/02/25 2:17 p.m. | 15 views

CVE-2024-54444 WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS. This issue affects Elementor Website Builder: from n/a through = 3.25.10...

CVSS 6.5 | EPSS 0.00265
Exploits: 0 | References: 1

Veracode
added 2025/02/25 7:07 a.m. | 5 views

Cross-site Scripting (XSS)

Keycloak is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation due to a privileged attacker being able to inject a malicious payload as the permission while creating items Resource and Permissions from the admin console...

CVSS 3.8 | AI score 3.8 | EPSS 0.00278
Exploits: 0 | References: 4

Vulnrichment
added 2025/02/24 2:49 p.m. | 7 views

CVE-2025-27352 WordPress 无觅相关文章插件 plugin <= 1.0.5.7 - CSRF to Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wumii team 无觅相关文章插件 wumii-related-posts allows Stored XSS. This issue affects 无觅相关文章插件: from n/a through = 1.0.5.7...

CVSS 7.1 | AI score 8.6 | EPSS 0.00224
Exploits: 0 | References: 1

Cvelist
added 2025/02/24 2:48 p.m. | 12 views

CVE-2025-27307 WordPress Quotes llama plugin <= 3.0.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oooorgle Quotes llama quotes-llama allows Reflected XSS. This issue affects Quotes llama: from n/a through = 3.0.1...

CVSS 6.5 | EPSS 0.00245
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/24 2:48 p.m. | 7 views

CVE-2025-27265 WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aaron D. Campbell Google Maps for WordPress google-maps-for-wordpress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n/a through = 1.0.3...

CVSS 6.5 | AI score 8.6 | EPSS 0.00245
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/24 12:00 a.m. | 6 views

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

AI score 4.7 | EPSS 0.00504
Exploits: 1 | References: 2

CNNVD
added 2025/02/24 12:00 a.m. | 2 views

WordPress plugin Table of Contents Block cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin Table o...

CVSS 6.5 | AI score 7.6 | EPSS 0.00245
Exploits: 0 | References: 2

Cvelist
added 2025/02/23 2:31 p.m. | 22 views

CVE-2025-1586 code-projects Blood Bank System A-.php cross site scripting

A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVSS 5.1 | EPSS 0.00411
Exploits: 1 | References: 5

Cvelist
added 2025/02/21 9:09 p.m. | 15 views

CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...

CVSS 7.3 | EPSS 0.00256
Exploits: 0 | References: 2

CVE
added 2025/02/21 9:21 a.m. | 50 views

CVE-2024-13648

The CVE-2024-13648 entry for Maps for WP is supported by connected Wordfence details that describe a Stored Cross-Site Scripting via the MapOnePoint shortcode in all versions up to 1.2.4, exploitable by authenticated users with contributor+ privileges. The underlying issue is insufficient input s...

CVSS 6.4 | AI score 5.7 | EPSS 0.00271
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/02/21 4:15 a.m. | 2 views

CVE-2025-1407

The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteamskills shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 | AI score 7.4 | EPSS 0.00217
Exploits: 0 | References: 2

CVE
added 2025/02/21 3:21 a.m. | 69 views

CVE-2025-1406

The CVE-2025-1406 entry concerns the Newpost Catch WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the npc shortcode in all versions up to 1.3.19, caused by insufficient input sanitization and output escaping for user-supplied attributes. The impact is that an authenticated ...

CVSS 6.4 | AI score 5.7 | EPSS 0.00271
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2025/02/21 12:00 a.m. | 1 views

WordPress Better Customer List for WooCommerce Plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Better Customer List for WooCommerce versions = 1.2.3...

AI score 6.1
Exploits: 0 | Affected Software: 1

OpenVAS
added 2025/02/20 12:00 a.m. | 12 views

WordPress Filebird plugin < 5.6.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ninjateam:filebird"; ifdescription...

CVSS 5.5 | AI score 5.7 | EPSS 0.00404
Exploits: 0 | References: 1

OpenVAS
added 2025/02/20 12:00 a.m. | 21 views

WordPress Yoast SEO Plugin < 3.4.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:yoast:yoastseo"; if description...

CVSS 5.4 | AI score 7 | EPSS 0.01115
Exploits: 1 | References: 1