CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2020-25286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or...

5.3CVSS6AI score0.0058EPSS

Exploits0References2

WPVulnDB•added 2024/04/10 12:0 a.m.•205 views

WP < 6.5.2 - Unauthenticated Stored XSS

Description WordPress does not escape the Author name of its Avatar block when some settings are enabled, leading to Stored Cross-Site Scripting. In a default setup, contributor and above users could perform such attack. However, if the blog is using the mentioned settings in the comment template...

6.3AI score

Exploits0References1

OSV•added 2024/03/06 11:11 a.m.•25 views

BIT-WORDPRESS-2020-25286

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...

5.3CVSS5.4AI score0.0058EPSS

Exploits0References3

OSV•added 2020/09/13 6:15 p.m.•1 views

DEBIAN-CVE-2020-25286

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...

5.3CVSS5.5AI score0.0058EPSS

Exploits0References1

OSV•added 2020/09/13 6:15 p.m.•0 views

UBUNTU-CVE-2020-25286

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...

5.3CVSS5.8AI score0.0058EPSS

Exploits0References4

Prion•added 2020/09/13 6:15 p.m.•19 views

Code injection

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public...

5CVSS5.2AI score0.0058EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2020/06/23 12:0 a.m.•3 views

PT-2020-16064 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2 Description: In WordPress, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. This issue is related to the comment-template.php file in the...

9.8CVSS5.1AI score0.06854EPSS

Exploits0References29

OSV•added 2017/04/12 10:59 p.m.•1 views

CVE-2016-1179

Cross-site scripting XSS vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS5.9AI score

Exploits0References3

Japan Vulnerability Notes•added 2016/05/16 5:48 a.m.•2 views

a-blog cms vulnerable to cross-site scripting

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6AI score0.00278EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by