CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

5.5CVSS0.00226EPSS

Exploits0References2

CVE•added 2025/06/04 6:0 a.m.•40 views

CVE-2025-4580

CVE-2025-4580 affects the WordPress File Provider plugin (versions

4.3CVSS6.8AI score0.00091EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2025/05/26 3:1 a.m.•11 views

CVE-2025-5055

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.8AI score0.00163EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:24 p.m.•3 views

CVE-2021-24586

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this...

4.3CVSS5.8AI score0.00144EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by