CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

RedhatCVE•added 2026/01/09 8:55 a.m.•2 views

CVE-2023-40663

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rextheme WP VR plugin = 8.3.4 versions...

7.1CVSS5.8AI score0.00175EPSS

Exploits0References1

EUVD•added 2025/10/27 3:30 a.m.•2 views

EUVD-2025-36052

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.42...

6.5CVSS5.9AI score0.0003EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 5:41 a.m.•2 views

CVE-2023-0174

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00252EPSS

Exploits1References1

CNNVD•added 2025/01/24 12:0 a.m.•2 views

WordPress plugin WP VR 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.5CVSS8AI score0.00152EPSS

Exploits0References2

OSV•added 2024/10/21 12:15 p.m.•1 views

CVE-2024-49293

Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4...

5.4CVSS5.8AI score0.00165EPSS

Exploits0References1

Patchstack•added 2024/10/15 11:49 a.m.•2 views

WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin WP VR versions = 8.5.4...

5.4CVSS7AI score0.00165EPSS

Exploits0Affected Software1

Patchstack•added 2024/09/24 9:39 a.m.•2 views

WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin VR Calendar versions = 2.4.0...

7.5CVSS7AI score0.01077EPSS

Exploits0Affected Software1

Patchstack•added 2024/09/24 12:0 a.m.•6 views

WordPress VR Calendar Plugin <= 2.4.0 is vulnerable to Local File Inclusion

Software VR Calendar Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44013 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e489bf6197d Credits tahu.datar Required privilege Unauthenticate...

7.5CVSS6.8AI score0.01077EPSS

Exploits0References2Affected Software1

OSV•added 2023/04/17 1:15 p.m.•0 views

CVE-2023-1413

The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.8AI score0.00218EPSS

Exploits1References1

Positive Technologies•added 2023/04/17 12:0 a.m.•2 views

PT-2023-16966 · WordPress · Wp Vr

Name of the Vulnerable Software and Affected Versions: WP VR WordPress plugin versions prior to 8.2.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitised and escaped before being outputted back in the page. Th...

6.1CVSS8.6AI score0.00218EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by