
1177 matches found

NVD
added 2025/07/23 2:15 p.m. · 4 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

CVSS 7.2 · EPSS 0.00583
Exploits: 1 · References: 2
Cvelist
added 2025/07/23 2:24 a.m. · 8 views

CVE-2025-7722 Social Streams <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the updateusermeta function. This makes it possible for...

CVSS 8.8 · EPSS 0.00255
Exploits: 0 · References: 2
CVE
added 2025/07/23 2:24 a.m. · 19 views

CVE-2025-6261

CVE-2025-6261 describes a Stored Cross-Site Scripting flaw in the Fleetwire Fleet Management WordPress plugin (versions

CVSS 6.4 · AI score 5.9 · EPSS 0.00163
Exploits: 0 · References: 3
Vulnrichment
added 2025/07/23 2:24 a.m. · 2 views

CVE-2025-5818 Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.6 via the fipgetimageoptions function. This makes it possible for authenticated attackers, with administrator-level access and abov...

CVSS 5.5 · AI score 5.9 · EPSS 0.00188
Exploits: 0 · References: 3
Vulnrichment
added 2025/07/23 12:0 a.m. · 3 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

AI score 6.9 · EPSS 0.00583
Exploits: 1 · References: 2
CVE
added 2025/07/23 12:0 a.m. · 16 views

CVE-2025-46099

CVE-2025-46099 affects Pluck CMS 4.7.20-dev. An authenticated attacker can upload or create a crafted PHP file in the albums module directory and access it via the albums.site.php routing logic, enabling arbitrary command execution through a GET parameter. Root cause: flaw in the module routing l...

CVSS 7.2 · AI score 6.9 · EPSS 0.00583
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2025/07/21 7:23 a.m. · 6 views

CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVSS 6.4 · EPSS 0.00253
Exploits: 0 · References: 7
Vulnrichment
added 2025/07/21 12:0 a.m. · 2 views

CVE-2025-46117

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script .apdebug.sh invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to...

AI score 7.2 · EPSS 0.00961
Exploits: 1 · References: 2
Positive Technologies
added 2025/07/21 12:0 a.m. · 7 views

PT-2025-30348 · Unknown · Haxcms-Nodejs

Name of the Vulnerable Software and Affected Versions: HAX CMS NodeJs versions 11.0.8 and below Description: HAX CMS NodeJs, a system for managing microsite universes with a NodeJs backend, is susceptible to a crash issue. An authenticated attacker can trigger this issue by sending API requests t...

CVSS 7.1 · AI score 6.2 · EPSS 0.00189
Exploits: 0 · References: 11
CVE
added 2025/07/19 2:22 a.m. · 23 views

CVE-2025-7653

CVE-2025-7653 describes a stored XSS in the WordPress EPay.bg Payments plugin (versions

CVSS 6.4 · AI score 5.9 · EPSS 0.00164
Exploits: 0 · References: 2
Cvelist
added 2025/07/19 2:22 a.m. · 7 views

CVE-2025-7661 Partnerský systém Martinus <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Partnerský systém Martinus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'martinus' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · EPSS 0.00164
Exploits: 0 · References: 2
Tenable Nessus
added 2025/07/19 12:0 a.m. · 6 views

Azure Linux 3.0 Security Update: libssh (CVE-2025-5318)

The version of libssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5318 advisory. - A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered i...

CVSS 8.1 · AI score 6.5 · EPSS 0.00178
Exploits: 0 · References: 2
Vulnrichment
added 2025/07/18 5:24 a.m. · 8 views

CVE-2025-5752 Vertical scroll image slideshow gallery <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter

The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 5.9 · EPSS 0.00163
Exploits: 0 · References: 3
Vulnrichment
added 2025/07/18 5:24 a.m. · 3 views

CVE-2025-5800 Testimonial Post type <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter

The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVSS 6.4 · AI score 5.9 · EPSS 0.00163
Exploits: 0 · References: 3
CVE
added 2025/07/18 5:24 a.m. · 23 views

CVE-2025-5752

CVE-2025-5752: The WordPress plugin “Vertical scroll image slideshow gallery” is vulnerable to a Stored Cross-Site Scripting (XSS) via the width parameter in all versions up to 11.1. The issue arises from insufficient input sanitization and output escaping, enabling authenticated attackers with ...

CVSS 6.4 · AI score 5.6 · EPSS 0.00163
Exploits: 0 · References: 3
Vulnrichment
added 2025/07/18 5:23 a.m. · 2 views

CVE-2025-5767 Crowdfunding for WooCommerce <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter

The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 5.9 · EPSS 0.00163
Exploits: 0 · References: 3
Cvelist
added 2025/07/16 4:16 p.m. · 6 views

CVE-2025-20284 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

CVSS 6.5 · EPSS 0.0076
Exploits: 0 · References: 1
CVE
added 2025/07/16 4:16 p.m. · 22 views

CVE-2025-20284

Cisco ISE and Cisco ISE-PIC have a CVE-2025-20284 vulnerability in a specific API that could allow an authenticated, remote attacker with high privileges to execute arbitrary code as root on the underlying OS. Root cause is insufficient validation of user-supplied input, exploitable by submitting...

CVSS 7.2 · AI score 7.5 · EPSS 0.0076
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/07/16 4:16 p.m. · 6 views

CVE-2025-20283 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

CVSS 6.5 · EPSS 0.007
Exploits: 0 · References: 1
Vulnrichment
added 2025/07/16 4:16 p.m. · 4 views

CVE-2025-20283 Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

CVSS 6.5 · AI score 8.1 · EPSS 0.007
Exploits: 0 · References: 1