CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-8902 refers to the WordPress plugin Widget Options - Extended . The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the plugin’s shortcodes (specifically the do_sidebar shortcode) across versions up to and including 5.2.1, caused by insufficient input sanitization and output...

6.4CVSS4.8AI score0.00185EPSS

Exploits0References2

Positive Technologies•added 2025/09/23 12:0 a.m.•7 views

PT-2025-39113

Name of the Vulnerable Software and Affected Versions Widget Options - Extended plugin for WordPress versions prior to 5.2.2 Description The software is susceptible to Stored Cross-Site Scripting through the 'do sidebar' shortcode due to inadequate input sanitization and output escaping of...

6.4CVSS5.5AI score0.00185EPSS

Exploits0References6

CNNVD•added 2025/09/17 12:0 a.m.•6 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.527 and earlier and LTS 2.516.2 and earlier, which stems from a failure to...

5.3CVSS7.3AI score0.04735EPSS

Exploits0References2

Tenable Nessus•added 2025/09/04 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2021-45473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL aka a page-information sidebar...

6.1CVSS6.2AI score0.01248EPSS

Exploits1References2

Patchstack•added 2025/08/21 11:34 a.m.•11 views

WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions = 4.2.1...

6.5CVSS6.9AI score0.00452EPSS

Exploits0Affected Software1

ATTACKERKB•added 2025/08/20 8:3 a.m.•4 views

CVE-2025-49400

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic allows Stored XSS. This issue affects WP Visitor Statistics Real Time Traffic: from n/a through 8.2...

9.8CVSS5.2AI score0.00452EPSS

Exploits0References3

Patchstack•added 2025/07/28 6:1 a.m.•6 views

WordPress Responsive Sidebar plugin <= 1.2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Responsive Sidebar versions = 1.2.2...

7.5CVSS7AI score0.0037EPSS

Exploits0Affected Software1

OSV•added 2025/07/25 5:35 p.m.•1 views

SUSE-SU-2025:02529-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacin...

9.8CVSS6.9AI score0.03057EPSS

Exploits1References31

SUSE Linux•added 2025/07/17 8:52 a.m.•1 views

Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: This is the Firefox Extended Support Release 140.0esr ESR Major changes: General: Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment...

8.8CVSS7.2AI score0.03057EPSS

Exploits1References28

OSV•added 2025/07/17 8:52 a.m.•1 views

SUSE-SU-2025:02339-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: This is the Firefox Extended Support Release 140.0esr ESR Major changes: General: - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment...

9.8CVSS6.6AI score0.03057EPSS

Exploits1References15

NVD•added 2025/06/27 2:15 p.m.•5 views

CVE-2025-53293

Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Widget Sidebar: from n/a through = 1.2.3...

4.3CVSS0.00222EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 1:21 p.m.•2 views

CVE-2025-53293 WordPress Dashboard Widget Sidebar plugin <= 1.2.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3...

4.3CVSS7.1AI score0.00222EPSS

Exploits0References1

CNNVD•added 2025/06/27 12:0 a.m.•2 views

WordPress plugin Dalgaard Johansen Dashboard Widget Sidebar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.4AI score0.00222EPSS

Exploits0References2