121 matches found
CVE-2026-1483
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosverauto.aspx' could allow an attacker to extract...
PT-2026-4978
Name of the Vulnerable Software and Affected Versions: Performance Evaluation EDD application (affected versions not specified). Description: An out-of-band SQL injection flaw exists in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploitation of...
PT-2026-4980
Name of the Vulnerable Software and Affected Versions: Performance Evaluation EDD application (affected versions not specified). Description: An out-of-band SQL injection (OOB SQLi) issue exists in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación...
PT-2026-4971
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id usuario' and 'Id evaluacion' in ‘/evaluacion inicio.aspx’ could allow an attacker ...
PT-2026-4975
Name of the Vulnerable Software and Affected Versions: Performance Evaluation EDD application (affected versions not specified). Description: An out-of-band SQL injection flaw exists in the Performance Evaluation EDD application by Gabinete Técnico de Programación. Successful exploitation allows an...
CVE-2025-14121
The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-14121 EDD Download Info <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-14121
CVE-2025-14121 affects the WordPress plugin EDD Download Info. Affected versions: all up to 1.1. Root cause: insufficient input sanitization and output escaping in the shortcode attribute edd_download_info_link. Impact: Stored Cross-Site Scripting enabling authenticated attac...
PT-2026-1625
Name of the Vulnerable Software and Affected Versions: EDD Download Info plugin for WordPress, versions prior to 1.2. Description: The EDD Download Info plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'edd download info link' shortcode. Insufficient input sanitization a...
WordPress plugin EDD Download Info Cross-Site Scripting Vulnerability
...
WordPress EDD Download Info plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin EDD Download Info versions <= 1.1...
EUVD-2025-205899
The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'eddredirect' parameter. This makes it possible for unauthenticated attackers to redirect...
CVE-2025-14783
CVE-2025-14783 affects WordPress Easy Digital Downloads (versions ≤ 3.6.2). Root cause: unvalidated redirect in the edd_redirect parameter during password-reset flow, enabling unauthenticated users to coax recipients into visiting malicious sites. Exploitation: a PoC exists on GitHub (ZeroEthical...
EUVD-2015-9354
Malware in sbrugna...
EUVD-2022-50211
Malicious code in bioql PyPI...
CVE-2025-8102
CVE-2025-8102: Easy Digital Downloads for WordPress (versions ≤ 3.5.0) is vulnerable to Cross-Site Request Forgery via missing nonce checks in edd_sendwp_disconnect and edd_sendwp_remote_install. This CSRF allows unauthenticated attackers to deactivate or trigger activation/deactivation of the SendWP plu...
CVE-2025-53320
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4...
WordPress Free Downloads EDD plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Free Downloads EDD versions <= 1.0.4...