CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Blogger Buzz blogger-buzz allows Stored XSS.This issue affects Blogger Buzz: from n/a through = 1.2.6...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

NVD•added 2025/08/14 11:15 a.m.•2 views

CVE-2025-54680

6.5CVSS0.0019EPSS

Exploits0References1

CVE•added 2025/08/14 10:34 a.m.•11 views

CVE-2025-54680

CVE-2025-54680 is a Stored XSS in the Blogger Buzz WordPress theme by Sparkle Themes, affecting Blogger Buzz versions up to 1.2.6. Root cause: improper neutralization of input during web page generation. CVSS v3.1 base score 6.5 (Medium); attack vector network, low complexity, user interaction re...

6.5CVSS5.9AI score0.0019EPSS

Exploits0References1

Positive Technologies•added 2025/08/14 12:0 a.m.•3 views

PT-2025-33232 · Unknown · Sparkle Themes Blogger Buzz

Name of the Vulnerable Software and Affected Versions: Sparkle Themes Blogger Buzz versions through 1.2.6 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting XSS. Recommendations: Update to a version later than 1.2.6...

6.5CVSS6.3AI score0.0019EPSS

Exploits0References3

RedhatCVE•added 2025/06/23 8:40 a.m.•3 views

CVE-2025-50030

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Spark Multipurpose spark-multipurpose allows DOM-Based XSS.This issue affects Spark Multipurpose: from n/a through = 1.0.7...

6.5CVSS5.9AI score0.00204EPSS

Exploits0References1

RedhatCVE•added 2025/06/23 8:40 a.m.•3 views

CVE-2025-50033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS.This issue affects Fitness Park: from n/a through = 1.1.1...

6.5CVSS5.9AI score0.00204EPSS

Exploits0References1

NVD•added 2025/06/20 3:15 p.m.•9 views

CVE-2025-50033

6.5CVSS0.00204EPSS

Exploits0References1

NVD•added 2025/06/20 3:15 p.m.•6 views

CVE-2025-50030

6.5CVSS0.00204EPSS

Exploits0References1

CVE•added 2025/06/20 3:3 p.m.•13 views

CVE-2025-50030

CVE-2025-50030 corresponds to a DOM-Based XSS in the Spark Multipurpose WordPress theme (Sparkle Themes). Public details confirm improper input neutralization during web page generation, affecting Spark Multipurpose versions up to 1.0.7 (no fixed version listed). Reported CVSS v3.1 vector yields ...

6.5CVSS5.9AI score0.00204EPSS

Exploits0References1

CVE•added 2025/06/20 3:3 p.m.•19 views

CVE-2025-50033

CVE-2025-50033 affects the WordPress Fitness Park theme (versions n/a through 1.1.1). It is a DOM-based XSS caused by improper input neutralization during web page generation. Multiple sources (Wordfence, Patchstack, CVE listings) confirm the vulnerability and note that a patch is not available y...

6.5CVSS5.9AI score0.00204EPSS

Exploits0References1

Positive Technologies•added 2025/06/20 12:0 a.m.•1 views

PT-2025-26386 · Unknown · Sparkle Themes Fitness Park

Name of the Vulnerable Software and Affected Versions: Sparkle Themes Fitness Park versions n/a through 1.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attack...

6.5CVSS5.8AI score0.00204EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 6:5 a.m.•4 views

CVE-2023-30476

Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2...

4.3CVSS8.5AI score0.00385EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:10 a.m.•4 views

CVE-2023-28416

Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5...

4.3CVSS8AI score0.00377EPSS

Exploits0References1

NVD•added 2024/12/09 1:15 p.m.•7 views

CVE-2023-30476

Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2...

4.3CVSS0.00385EPSS

Exploits0References1

NVD•added 2024/12/09 1:15 p.m.•7 views

CVE-2023-28416

Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5...

4.3CVSS0.00377EPSS

Exploits0References1

CVE•added 2024/12/09 11:31 a.m.•40 views

CVE-2023-28416

CVE-2023-28416 affects the WordPress Chankhe theme (Sparkle Themes) up to version 1.0.5. Root cause: Missing Authorization due to incorrectly configured access control, enabling authenticated users (Subscriber) to activate plugins arbitrarily. Impact is limited to authenticated plugin-activation ...

4.3CVSS8AI score0.00377EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by