CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

215 matches found

CNNVD•added 2026/02/06 12:0 a.m.•4 views

WordPress plugin Code Snippets 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00018EPSS

Exploits0References6

Vulnrichment•added 2026/01/23 12:0 a.m.•2 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.9AI score0.00054EPSS

Exploits0References3

ATTACKERKB•added 2026/01/23 12:0 a.m.•4 views

CVE-2025-52023

5.3CVSS5.9AI score0.00054EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 8:48 a.m.•5 views

CVE-2025-23780

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through = 1.0.2...

7.6CVSS7.3AI score0.00184EPSS

Exploits0References1

RedhatCVE•added 2025/12/13 3:59 a.m.•2 views

CVE-2025-14166

The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute arbitrary PHP code through the Code Snippets feature without proper capability checks. This makes ...

5.3CVSS7.5AI score0.00125EPSS

Exploits0References1

EUVD•added 2025/12/12 6:31 a.m.•4 views

EUVD-2025-202995

5.3CVSS7AI score0.00125EPSS

Exploits0References7

NVD•added 2025/12/12 4:15 a.m.•5 views

CVE-2025-14166

5.3CVSS0.00125EPSS

Exploits0References6

Vulnrichment•added 2025/12/12 3:20 a.m.•2 views

CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

5.3CVSS7.1AI score0.00125EPSS

Exploits0References6

Cvelist•added 2025/12/12 3:20 a.m.•28 views

CVE-2025-14166 WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

5.3CVSS0.00125EPSS

Exploits0References6

CVE•added 2025/12/12 3:20 a.m.•19 views

CVE-2025-14166

CVE-2025-14166 concerns the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.13.0. The source documents confirm that an authenticated user with Contributor+ or Author+ roles can exploit Code Snippets via the plugin to inject PHP code on the server, enabling remote code execution and poten...

5.3CVSS7.1AI score0.00125EPSS

Exploits0References6

Positive Technologies•added 2025/12/12 12:0 a.m.•4 views

PT-2025-50863

5.3CVSS7.5AI score0.00125EPSS

Exploits0References7

CNVD•added 2025/11/21 12:0 a.m.•2 views

WordPress Code Snippets plugin code injection vulnerability

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

8CVSS7.7AI score0.00045EPSS

Exploits0References1

Packet Storm News•added 2025/11/21 12:0 a.m.•5 views

ReVul-CoT: Towards Effective Software Vulnerability Assessment with Retrieval-Augmented Generation and Chain-Of-Thought Prompting

Context: Software Vulnerability Assessment SVA plays a vital role in evaluating and ranking vulnerabilities in software systems to ensure their security and reliability. Objective: Although Large Language Models LLMs have recently shown remarkable potential in SVA, they still face two major...

6.8AI score

Exploits0

EUVD•added 2025/11/19 9:30 a.m.•2 views

EUVD-2025-198141

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract on attacker-controlled shortcode attributes within the evaluateshortcodefromflatfile method, which can be used to overwrite the...

8CVSS6.7AI score0.00045EPSS

Exploits0References5

NVD•added 2025/11/19 8:15 a.m.•3 views

CVE-2025-13035

8CVSS0.00045EPSS

Exploits0References4

Vulnrichment•added 2025/11/19 7:46 a.m.•4 views

CVE-2025-13035 Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains

8CVSS6.8AI score0.00045EPSS

Exploits0References4

Cvelist•added 2025/11/19 7:46 a.m.•6 views

CVE-2025-13035 Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains

8CVSS0.00045EPSS

Exploits0References4

CVE•added 2025/11/19 7:46 a.m.•28 views

CVE-2025-13035

The WordPress Code Snippets plugin vulnerability CVE-2025-13035 affects all versions up to 3.9.1. It stems from the evaluate_shortcode_from_flat_file method using extract() on attacker-controlled shortcode attributes, allowing an overwriting of the $filepath variable which is later passed to requ...

8CVSS6.8AI score0.00045EPSS

Exploits0References4

CNNVD•added 2025/11/19 12:0 a.m.•1 views

WordPress plugin Code Snippets 代码注入漏洞

8CVSS7.3AI score0.00045EPSS

Exploits0References4

Positive Technologies•added 2025/11/19 12:0 a.m.•4 views

PT-2025-47445

Name of the Vulnerable Software and Affected Versions Code Snippets versions prior to 3.9.1 Description The Code Snippets plugin for WordPress is susceptible to PHP Code Injection in versions up to and including 3.9.1. This occurs because the plugin utilizes extract on shortcode attributes...

8CVSS7.2AI score0.00045EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by