
22 matches found

Tenable Nessus
added 2026/04/29 12:0 a.m. · 1 view

Oracle Linux 8 : libxml2 (ELSA-2026-11349)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...

CVSS 9.1 · AI score 6 · EPSS 0.02116
Exploits 3 · References 2
Vulnrichment
added 2026/03/25 4:14 p.m. · 1 view

CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.5...

CVSS 6.5 · AI score 5.8 · EPSS 0.00013
Exploits 0 · References 1
Cvelist
added 2026/02/03 2:8 p.m. · 23 views

CVE-2026-25036 WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Passster: from n/a through <= 4.2.25...

CVSS 6.5 · EPSS 0.00015
Exploits 0 · References 1
Cvelist
added 2026/01/28 6:43 a.m. · 22 views

CVE-2026-1244 Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...

CVSS 6.4 · EPSS 0.00016
Exploits 0 · References 4
EUVD
added 2026/01/28 6:43 a.m. · 2 views

EUVD-2026-4901

The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...

CVSS 6.4 · AI score 6 · EPSS 0.00016
Exploits 0 · References 4
CNNVD
added 2026/01/28 12:0 a.m. · 2 views

WordPress Plugin Forms Bridge – Infinite integrations Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 · AI score 5.7 · EPSS 0.00016
Exploits 0 · References 5
Vulnrichment
added 2025/10/22 2:32 p.m. · 1 view

CVE-2025-49950 WordPress Official Integration for Billingo plugin <= 4.3.0 - Privilege Escalation vulnerability

Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation. This issue affects Official Integration for Billingo: from n/a through <= 4.3.0...

CVSS 7.2 · AI score 5.2 · EPSS 0.0002
Exploits 0 · References 1
CVE
added 2025/10/22 2:32 p.m. · 7 views

CVE-2025-49950

CVE-2025-49950 affects the WordPress Official Integration for Billingo plugin. A missing authorization flaw enables privilege escalation in Official Integration for Billingo, affecting versions up to 4.2.5 (and related advisories reference stronger versions). Documented impact: privilege escalati...

CVSS 7.2 · AI score 5.9 · EPSS 0.0002
Exploits 0 · References 1
Patchstack
added 2025/08/14 4:18 p.m. · 2 views

WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme App, SaaS & Software Startup Tech Theme - Stratus versions <= 4.2.5...

CVSS 4.3 · AI score 6.9 · EPSS 0.00059
Exploits 0 · Affected Software 1
Cvelist
added 2025/08/11 7:32 a.m. · 9 views

CVE-2025-8836 JasPer JPEG2000 Encoder jpc_enc.c jpc_floorlog2 assertion

A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been...

CVSS 4.8 · EPSS 0.0005
Exploits 1 · References 6
Patchstack
added 2025/07/11 2:44 p.m. · 3 views

WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Houzez versions <= 4.2.5...

CVSS 6.3 · AI score 7 · EPSS 0.00017
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/04 11:8 a.m. · 2 views

WordPress Soho Hotel theme <= 4.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Bonds in WordPress Theme Soho Hotel versions <= 4.2.5...

CVSS 7.1 · AI score 6.2 · EPSS 0.00185
Exploits 0 · Affected Software 1
RedhatCVE
added 2025/05/23 9:44 a.m. · 4 views

CVE-2024-25614

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the...

CVSS 9.1 · AI score 6.9 · EPSS 0.00133
Exploits 0 · References 1
CNNVD
added 2025/03/21 12:0 a.m. · 2 views

OpenSlides Security Vulnerability

OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in versions of OpenSlides prior to 4.2.5 that stems from allowing the insertion of various...

CVSS 6.1 · AI score 5.8 · EPSS 0.00168
Exploits 1 · References 2
Positive Technologies
added 2025/02/14 12:0 a.m. · 2 views

PT-2025-7021 · Unknown · Contact Form With Shortcode

Name of the Vulnerable Software and Affected Versions: Contact Form With Shortcode versions n/a through 4.2.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited...

CVSS 7.1 · AI score 9.3 · EPSS 0.00178
Exploits 0 · References 5
Patchstack
added 2024/07/06 1:2 p.m. · 2 views

WordPress Ultimate Auction plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Ultimate Auction versions <= 4.2.5...

CVSS 4.3 · AI score 7 · EPSS 0.00162
Exploits 0 · Affected Software 1
OSV
added 2023/11/18 2:15 a.m. · 1 view

CVE-2023-4214

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...

CVSS 9.8 · AI score 7.3 · EPSS 0.0036
Exploits 0 · References 4
Positive Technologies
added 2023/03/28 12:0 a.m. · 1 view

PT-2023-21050 · Ibm · Ibm Aspera Connect +1

Name of the Vulnerable Software and Affected Versions: IBM Aspera Cargo version 4.2.5 IBM Aspera Connect version 4.2.5 Description: The issue is caused by improper bounds checking, leading to a buffer overflow. An attacker could exploit this to execute arbitrary code on the system. Recommendation...

CVSS 9.8 · AI score 9.7 · EPSS 0.00744
Exploits 0 · References 4
Positive Technologies
added 2022/11/08 12:0 a.m. · 1 view

PT-2022-25292 · Searchwp · Searchwp

Name of the Vulnerable Software and Affected Versions: SearchWP premium plugin versions = 4.2.5 Description: The issue concerns nonce token leakage and missing authorization in the SearchWP premium plugin, allowing unauthorized changes to plugin settings. Recommendations: For SearchWP premium...

CVSS 5.4 · AI score 4.5 · EPSS 0.00346
Exploits 0 · References 5
Microsoft CVE
added 2021/07/30 7:0 a.m. · 1 view

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping allowing a remote attacker to conduct XSS attacks as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

...

CVSS 6.1 · AI score 7 · EPSS 0.04268
Exploits 2