
116 matches found

Patchstack
added 2026/01/29 10:8 p.m. | 5 views

WordPress NinjaTeam Header Footer Custom Code plugin <= 1.2 - Admin+ Stored XSS via CSS Styles vulnerability

Admin+ Stored XSS via CSS Styles vulnerability discovered by Bob Matyas in WordPress Plugin NinjaTeam Header Footer Custom Code versions <= 1.2...

CVSS 4.8 | AI score 5.9 | EPSS 0.00338
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress SureForms plugin < 1.4.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions < 1.4.4...

CVSS 3.5 | AI score 5.9 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ultimate Dashboard versions < 3.8.6...

CVSS 3.5 | AI score 5.9 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2025/09/29 6:0 a.m. | 10 views

CVE-2024-5200

CVE-2024-5200 – Postie WordPress plugin before 1.9.71 suffers from insufficient sanitization/escaping of settings, enabling stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as multisite) per CNVD/Red Hat/PatchStack entries. Affected product: Postie Pl...

CVSS 4.8 | AI score 5 | EPSS 0.00165
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/29 6:0 a.m. | 3 views

CVE-2024-5200 Postie < 1.9.71 - Admin+ Stored XSS

The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5 | EPSS 0.00165
Exploits: 0 | References: 1

CVE
added 2025/09/29 12:0 a.m. | 18 views

CVE-2025-56807

CVE-2025-56807 affects FairSketch RISE Ultimate Project Manager & CRM (v3.9.4). The vulnerability is a Stored XSS in the File Manager/File Explorer utilized when creating new folders: the title parameter is not properly sanitized, allowing an attacker (with admin privileges as per description) to...

CVSS 6.1 | AI score 5.4 | EPSS 0.0022
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2025/06/03 6:0 a.m. | 10 views

CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

EPSS 0.0021
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:17 a.m. | 11 views

CVE-2023-30745

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin = 2.1.1 versions...

CVSS 5.9 | AI score 5.2 | EPSS 0.00369
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:36 a.m. | 3 views

CVE-2023-23723

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin = 3.9.3 versions...

CVSS 5.9 | AI score 5.2 | EPSS 0.00392
Exploits: 0 | References: 1

Patchstack
added 2025/03/25 6:48 a.m. | 3 views

WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin < 2.6.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Contact Form & SMTP Plugin versions < 2.6.0...

CVSS 6.1 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/25 6:0 a.m. | 14 views

CVE-2025-0717 Social Slider Feed < 2.2.9 - Admin+ Stored XSS

To exploit the vulnerability, it is necessary:...

EPSS 0.00229
Exploits: 1 | References: 1

Patchstack
added 2025/02/25 7:2 a.m. | 4 views

WordPress NextGEN Gallery plugin < 3.59.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin NextGEN Gallery versions < 3.59.9...

CVSS 3.5 | AI score 6.1 | EPSS 0.0032
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/12/27 6:0 a.m. | 7 views

CVE-2024-11645 Float Block <= 1.7 - Admin+ Stored XSS via Widget

The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5.7 | EPSS 0.00335
Exploits: 1 | References: 1

Patchstack
added 2024/12/20 7:56 p.m. | 3 views

WordPress Download Manager plugin < 3.3.03 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Download Manager versions < 3.3.03...

CVSS 4.8 | AI score 6.1 | EPSS 0.00309
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/29 6:0 a.m. | 19 views

CVE-2024-10704 Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

EPSS 0.00362
Exploits: 1 | References: 1

Patchstack
added 2024/11/25 11:3 a.m. | 5 views

WordPress YaDisk Files plugin <= 1.2.5 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions <= 1.2.5...

CVSS 3.5 | AI score 6.1 | EPSS 0.0038
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/05 6:0 a.m. | 14 views

CVE-2024-7877 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

EPSS 0.00358
Exploits: 1 | References: 1

Vulnrichment
added 2024/10/08 6:0 a.m. | 12 views

CVE-2024-8983 Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS

Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts...

AI score 5 | EPSS 0.00397
Exploits: 1 | References: 1

OSV
added 2024/09/12 6:15 a.m. | 3 views

CVE-2024-7822

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 6.1 | AI score 5.8 | EPSS 0.00172
Exploits: 1 | References: 1

Patchstack
added 2024/09/10 6:33 a.m. | 3 views

WordPress Starbox plugin < 3.5.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Starbox versions < 3.5.2...

CVSS 4.8 | AI score 6.1 | EPSS 0.00365
Exploits: 1 | References: 1 | Affected Software: 1