CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-46489

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00222EPSS

Exploits0References2

NVD•added 2025/06/10 4:15 a.m.•11 views

CVE-2025-4601

The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiryupdateprofile function. This makes it possible for...

8.8CVSS0.00334EPSS

Exploits1References2

RedhatCVE•added 2025/06/09 12:2 p.m.•3 views

CVE-2024-9993

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaeleventdetailstext parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to...

6.4CVSS5.8AI score0.00123EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:24 a.m.•3 views

CVE-2025-4221

The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00164EPSS

Exploits0References1

RedhatCVE•added 2025/05/03 4:58 a.m.•21 views

CVE-2025-4099

The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listchildren' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00122EPSS

Exploits0References1

NVD•added 2025/04/10 7:15 a.m.•8 views

CVE-2025-2719

The Swatchly – WooCommerce Variation Swatches for Products product attributes: Image swatch, Color swatches, Label swatches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in versions 1.2.8 to 1.4.0. This makes ...

6.5CVSS0.00235EPSS

Exploits0References2

RedhatCVE•added 2025/02/14 4:31 a.m.•8 views

CVE-2024-13665

The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS7.8AI score0.00095EPSS

Exploits0References1

CVE•added 2024/12/06 5:26 a.m.•55 views

CVE-2024-10578

CVE-2024-10578 – Pubnews theme (WordPress) has an unauthenticated/arbitrary plugin installation vulnerability through a missing capability check in pubnews_importer_plugin_action_for_notice() across all versions up to 1.0.7. The issue allows authenticated attackers with Subscriber-level access an...

8.8CVSS8.4AI score0.51038EPSS

Exploits1References3

Exploit DB•added 2014/12/08 12:0 a.m.•34 views

Free Article Submissions 1.0 - SQL Injection

Exploit Title: Free Article Submissions SQL Injection Vulnerability Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal" inurl:/category.php?id=2 "Arts & Entertainment" Date: 07/12/2014 Exploit Author: BarrabravaZ Vendor Homepage: http://www.articlesetup.com/ Software Link: download...

7AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by