CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.6AI score0.0021EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 11:5 p.m.•6 views

CVE-2022-3489

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the customwpadminslug settings, allowing unauthenticated attackers to update it with a crafted request...

5.3CVSS6.8AI score0.0014EPSS

Exploits2References1

RedhatCVE•added 2025/04/13 8:59 a.m.•2 views

CVE-2025-31028

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Huseyin Berberoglu WP Hide Categories wp-hide-categories allows Reflected XSS.This issue affects WP Hide Categories: from n/a through = 1.0...

7.1CVSS7.2AI score0.01109EPSS

Exploits0References1

NVD•added 2025/04/11 9:15 a.m.•2 views

CVE-2025-31028

7.1CVSS0.01109EPSS

Exploits0References1

Cvelist•added 2025/04/11 8:42 a.m.•10 views

CVE-2025-31028 WordPress WP Hide Categories plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

7.1CVSS0.01109EPSS

Exploits0References1

CVE•added 2025/04/11 8:42 a.m.•33 views

CVE-2025-31028

CVE-2025-31028 is a Reflected XSS in the WordPress plugin WP Hide Categories (affected: WP Hide Categories, up to version 1.0). The vulnerability arises from improper neutralization of input during web page generation. According to Wordfence Intelligence, this entry is currently unpatched (patch ...

7.1CVSS7.2AI score0.01109EPSS

Exploits0References1

Vulnrichment•added 2025/04/11 8:42 a.m.•3 views

CVE-2025-31028 WordPress WP Hide Categories plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

7.1CVSS7.3AI score0.01109EPSS

Exploits0References1

Patchstack•added 2025/04/09 5:44 p.m.•2 views

WordPress WP Hide Categories plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Hide Categories versions = 1.0...

7.1CVSS7.2AI score0.01109EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/03/14 3:51 p.m.•9 views

CVE-2025-28910

Cross-Site Request Forgery CSRF vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery.This issue affects WP Hide Admin Bar: from n/a through = 2.0...

4.3CVSS7.2AI score0.00125EPSS

Exploits0References1

NVD•added 2025/03/11 9:15 p.m.•3 views

CVE-2025-28910

Cross-Site Request Forgery CSRF vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery.This issue affects WP Hide Admin Bar: from n/a through = 2.0...

4.3CVSS0.00125EPSS

Exploits0References1

Cvelist•added 2025/03/11 9:0 p.m.•12 views

CVE-2025-28910 WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery.This issue affects WP Hide Admin Bar: from n/a through = 2.0...

4.3CVSS0.00125EPSS

Exploits0References1

CVE•added 2025/03/11 9:0 p.m.•46 views

CVE-2025-28910

CVE-2025-28910 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Hide Admin Bar . Affected versions are listed as up to 2.0. The NVD entry and multiple sources indicate the issue is CSRF in this plugin, with a CVSSv3.1/3.1 base score of 4.3 (Medium) and the at...

4.3CVSS7.2AI score0.00125EPSS

Exploits0References1

Cvelist•added 2024/12/06 5:26 a.m.•17 views

CVE-2024-11585 WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion

The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to...

7.5CVSS0.02009EPSS

Exploits0References2

NVD•added 2023/11/13 2:15 a.m.•7 views

CVE-2023-34378

Cross-Site Request Forgery CSRF vulnerability in scriptburn.Com WP Hide Post plugin = 2.0.10 versions...

8.8CVSS0.00074EPSS

Exploits0References1