CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/01/09 9:31 a.m.•3 views

CVE-2023-25488

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

5.9CVSS5.2AI score0.00079EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-29443

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00079EPSS

Exploits1References1

WPVulnDB•added 2023/09/18 12:0 a.m.•17 views

WP Default Feature Image <= 1.0.1.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00079EPSS

Exploits1

OSV•added 2023/09/01 11:15 a.m.•1 views

CVE-2023-25488

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

4.8CVSS7.3AI score

Exploits0References1

Vulnrichment•added 2023/09/01 10:54 a.m.•6 views

CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

5.9CVSS5.4AI score0.00079EPSS

Exploits1References1

CVE•added 2023/09/01 10:54 a.m.•50 views

CVE-2023-25488

CVE-2023-25488 applies to the WordPress plugin WP Default Feature Image . The connected sources describe a Stored Cross-Site Scripting (XSS) vulnerability that affects versions up to and including 1.0.1.1 . The root cause is an input/processing flaw in the plugin’s default feature image handling ...

5.9CVSS4.9AI score0.00079EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/09/01 10:54 a.m.•22 views

CVE-2023-25488 WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Duc Bui Quang WP Default Feature Image plugin = 1.0.1.1 versions...

5.9CVSS5.5AI score0.00079EPSS

Exploits1References1

CNNVD•added 2023/09/01 12:0 a.m.•3 views

WordPress plugin WP Default Feature Image Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.9CVSS6.1AI score0.00079EPSS

Exploits1References2

Patchstack•added 2023/07/10 12:0 a.m.•16 views

WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Default Feature Image Type Plugin Vulnerable versions = 1.0.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25488 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 82470384fb0a Credits Nithissh S...

5.9CVSS5.8AI score0.00079EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by