CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53 matches found

RedhatCVE•added 2026/02/20 7:22 a.m.•5 views

CVE-2026-1047

The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageurl' parameter in all versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00045EPSS

Exploits0References1

NVD•added 2026/02/19 7:17 a.m.•3 views

CVE-2026-1047

4.4CVSS0.00045EPSS

Exploits0References5

Cvelist•added 2026/02/19 4:36 a.m.•26 views

CVE-2026-1047 salavat counter Plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter

4.4CVSS0.00045EPSS

Exploits0References5

Vulnrichment•added 2026/02/19 4:36 a.m.•2 views

CVE-2026-1047 salavat counter Plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter

4.4CVSS5.7AI score0.00045EPSS

Exploits0References5

Positive Technologies•added 2026/02/19 12:0 a.m.•2 views

PT-2026-20634

The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image url' parameter in all versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00045EPSS

Exploits0References5

Patchstack•added 2026/02/18 11:59 p.m.•4 views

WordPress salavat counter Plugin plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'imageurl' Parameter vulnerability discovered by 0x34rth in WordPress Plugin salavat counter versions = 0.9.5...

4.4CVSS5.5AI score0.00045EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/14 6:40 a.m.•28 views

CVE-2026-0812 LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

4.4CVSS0.00048EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:33 a.m.•9 views

CVE-2017-18614

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...

9.3CVSS8.2AI score0.0089EPSS

Exploits2References1

CNNVD•added 2025/12/13 12:0 a.m.•0 views

WordPress plugin WPS Visitor Counter Plugin 安全漏洞

...

5.8CVSS5.8AI score0.00029EPSS

Exploits0References2

RedhatCVE•added 2025/11/05 5:8 a.m.•3 views

CVE-2025-12452

The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged...

6.1CVSS5.8AI score0.00013EPSS

Exploits0References1

CVE•added 2025/10/27 1:34 a.m.•5 views

CVE-2025-62948

CVE-2025-62948 affects the WordPress plugin “Date counter” (Date counter) up to version 2.0.3. The issue is described as a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Multiple connected sources (NVD/Red Hat/ENISA/CVE Lists...

6.5CVSS5.6AI score0.0003EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-11110

Malware in sbrugna...

8.8CVSS8.7AI score0.00181EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-9728

Malware in sbrugna...

6.1CVSS6.3AI score0.00408EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2015-4109

Malware in sbrugna...

4.3CVSS6.1AI score0.01451EPSS

Exploits5References6

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-51772

Malicious code in bioql PyPI...

7.1CVSS6.9AI score0.00083EPSS

Exploits0References1

CNNVD•added 2025/08/14 12:0 a.m.•4 views

WordPress plugin Visit Counter Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS5.7AI score0.00051EPSS

Exploits0References1

NVD•added 2025/08/05 8:15 a.m.•2 views

CVE-2025-8294

The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

6.4CVSS0.00163EPSS

Exploits0References3

RedhatCVE•added 2025/05/22 1:56 a.m.•7 views

CVE-2017-20103

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to sql injection Blind. It is possible to...

8.8CVSS7.2AI score0.00181EPSS

Exploits1References1

CNNVD•added 2025/04/24 12:0 a.m.•1 views

WordPress plugin Social Counter 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

7.2CVSS7.5AI score0.00138EPSS

Exploits0References1

Patchstack•added 2025/03/28 12:53 p.m.•2 views

WordPress The Visitor Counter plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin The Visitor Counter versions = 1.4.3...

7.1CVSS6.1AI score0.00138EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by