CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

RedhatCVE•added 2025/10/28 2:38 a.m.•12 views

CVE-2025-62958

Cross-Site Request Forgery CSRF vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery.This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through = 2.2.61...

4.3CVSS6.9AI score0.00015EPSS

Exploits0References1

EUVD•added 2025/10/27 3:30 a.m.•3 views

EUVD-2025-35985

8.8CVSS6.3AI score0.00015EPSS

Exploits0References2

NVD•added 2025/10/27 2:15 a.m.•4 views

CVE-2025-62958

4.3CVSS0.00015EPSS

Exploits0References1

CVE•added 2025/10/27 1:34 a.m.•16 views

CVE-2025-62958

CVE-2025-62958 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “Simple Content Templates for Blog Posts & Pages” (simple-post-template) by Clifton Griffin. The issue affects versions from n/a up to and including 2.2.61. Public sources in the connected documents...

4.3CVSS5.1AI score0.00015EPSS

Exploits0References1

Cvelist•added 2025/10/27 1:34 a.m.•8 views

CVE-2025-62958 WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability

4.3CVSS0.00015EPSS

Exploits0References1

Vulnrichment•added 2025/10/27 1:34 a.m.•4 views

CVE-2025-62958 WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability

4.3CVSS5.1AI score0.00015EPSS

Exploits0References1

CNNVD•added 2025/10/27 12:0 a.m.•4 views

WordPress plugin Simple Content Templates for Blog Posts & Pages Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS5.7AI score0.00015EPSS

Exploits0References1

Positive Technologies•added 2025/10/27 12:0 a.m.•5 views

PT-2025-43832

8.8CVSS6.9AI score0.00015EPSS

Exploits0References2

Patchstack•added 2025/10/16 2:53 a.m.•4 views

WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Simple Content Templates for Blog Posts & Pages versions = 2.2.61...

8.8CVSS7AI score0.00015EPSS

Exploits0Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-22930

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00186EPSS

Exploits0References4

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-40047

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.8AI score0.00033EPSS

Exploits0References6

CVE•added 2025/09/29 10:9 p.m.•9 views

CVE-2025-43812

Summary: CVE-2025-43812 is a cross-site scripting (XSS) vulnerability in Liferay Portal/DXP web content templates. The issue stems from improper validation in the Name field of a web content structure, allowing remote authenticated users to inject arbitrary HTML/JS. Affected products and versions...

5.4CVSS5.4AI score0.00033EPSS

Exploits0References1Affected Software2

CNNVD•added 2025/09/29 12:0 a.m.•1 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.8AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:0 a.m.•7 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS7AI score0.00186EPSS

Exploits0References1

OSV•added 2024/02/20 9:30 a.m.•1 views

GHSA-MF8H-GRFG-J9J3 Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API

5.3CVSS7.2AI score0.00186EPSS

Exploits0References5

Github Security Blog•added 2024/02/20 9:30 a.m.•3 views

Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API

5.3CVSS5.1AI score0.00186EPSS

Exploits0References5Affected Software2

Snyk•added 2024/02/20 9:30 a.m.•1 views

Incorrect Default Permissions

Overview com.liferay:com.liferay.journal.web is a Liferay Journal Web Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default assignment of view permissions to guest users for web content templates via the UI or API. Remediation Upgrade...

6.9CVSS6.9AI score0.00186EPSS

Exploits0References2

NVD•added 2024/02/20 9:15 a.m.•17 views

CVE-2024-25605

5.3CVSS5.3AI score0.00186EPSS

Exploits0References1

OSV•added 2024/02/20 9:15 a.m.•1 views

CVE-2024-25605

5.3CVSS5.8AI score0.00186EPSS

Exploits0References1