CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/02/02 11:36 p.m.•2 views

CVE-2025-61642

5.3AI score0.00007EPSS

Exploits0References2

CVE•added 2026/02/02 11:36 p.m.•21 views

CVE-2025-61642

CVE-2025-61642 is a MediaWiki XSS vulnerability (improper input neutralization during web page generation) affecting MediaWiki before 1.39.14, 1.43.4, and 1.44.1, linked to CodexHTMLForm.Php and HTMLButtonField.Php. Public details across Red Hat and Debian advisories confirm remote XSS with infor...

6.1CVSS5.2AI score0.00007EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/02/02 11:23 p.m.•1 views

CVE-2025-61636 Codex Special:Block vulnerable to message key XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...

5.3AI score0.00007EPSS

Cvelist•added 2026/02/02 11:23 p.m.•25 views

CVE-2025-61636 Codex Special:Block vulnerable to message key XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...

0.00007EPSS

Patchstack•added 2026/02/02 9:0 p.m.•3 views

WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Dual Button Widget vulnerability discovered by RandomRoot in WordPress Plugin Elementor Addon Elements versions = 1.12.12...

6.4CVSS7.1AI score0.00213EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/02/02 7:30 p.m.•4 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

6.4CVSS8.3AI score0.00229EPSS

Exploits0References1Affected Software1

Snyk•added 2026/02/02 6:29 p.m.•3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState functions. An attacker can execute arbitrary...

9.3CVSS6.2AI score0.00023EPSS

Exploits1References2

Positive Technologies•added 2026/02/02 12:0 a.m.•1 views

PT-2026-5721

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description A flaw exists in jsPDF, a JavaScript library for generating PDFs, where user control over properties and methods within the Acroform module can lead to the injection of arbitrary PDF objects, including...

9.4CVSS5.9AI score0.00023EPSS

Exploits1References11

NVD•added 2026/02/01 1:15 p.m.•5 views

CVE-2022-50797

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

6.4CVSS0.00039EPSS

Vulnrichment•added 2026/02/01 12:15 p.m.•1 views

CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings

6.4CVSS5.5AI score0.00039EPSS

EUVD•added 2026/02/01 12:15 p.m.•3 views

EUVD-2022-55951

CVE•added 2026/02/01 12:15 p.m.•13 views

CVE-2022-50797

The CVE-2022-50797 entry concerns the Stripe Green Downloads Wordpress Plugin version 2.03, which contains a persistent cross-site scripting (XSS) flaw. The vulnerability targets button label fields (via settings) and can allow remote attackers to inject and execute arbitrary scripts, with potent...

ATTACKERKB•added 2026/02/01 12:15 p.m.•4 views

CVE-2022-50797

Exploits0References3Affected Software1

Cvelist•added 2026/02/01 12:15 p.m.•32 views

CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings

6.4CVSS0.00039EPSS

Positive Technologies•added 2026/02/01 12:0 a.m.•4 views

PT-2026-5566

CNNVD•added 2026/02/01 12:0 a.m.•3 views

Exploits0References4

WordPress plugin Stripe Green Downloads 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00039EPSS

RedhatCVE•added 2026/01/29 3:18 p.m.•5 views

CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.8AI score0.00024EPSS