41 matches found
WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability
WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via ajax_request Function vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.5.10-2.2.7...
EUVD-2024-30513
Malicious code in bioql PyPI...
EUVD-2024-26770
Malicious code in bioql PyPI...
EUVD-2025-17258
Malicious code in bioql PyPI...
CVE-2025-49310
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through <= 2.2.8...
CVE-2025-49310
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through <= 2.2.8...
CVE-2025-49310
CVE-2025-49310: Stored XSS in the Frontend Dashboard WordPress plugin (Frontend Dashboard) allowed authenticated users to inject scripts via improper input neutralization during web page generation; affects Frontend Dashboard v1.0 through 2.2.8 (auth+); patched in v2.2.8.
CVE-2025-49310 WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through <= 2.2.8...
PT-2025-24238 · Unknown · M A Vinoth Kumar Frontend Dashboard
Name of the Vulnerable Software and Affected Versions: M A Vinoth Kumar Frontend Dashboard versions n/a through 2.2.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS in the Frontend Dashboard...
WordPress plugin Frontend Dashboard cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Frontend Dashboard versions <= 2.2.8...
CVE-2024-29775
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vinoth06. Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.1...
CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...
CVE-2025-4474
CVE-2025-4474 affects the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). A missing capability check in fed_admin_setting_form_function() allows authenticated users with Subscriber+ to overwrite the plugin’s register role, elevating privileges to administrator. Public references in Word...
CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...
CVE-2025-4473
CVE-2025-4473 concerns the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). The issue is a missing capability check in the ajax_request() function, enabling authenticated users with Subscriber-level access or higher to redirect outgoing emails (e.g., SMTP) to an attacker-controlled serve...
CVE-2025-4473 Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends...
PT-2025-20838 · WordPress · Frontend Dashboard
Name of the Vulnerable Software and Affected Versions: Frontend Dashboard plugin for WordPress versions 1.0 through 2.2.7 Description: The issue is related to a missing capability check on the fed_admin_setting_form_function function. This allows authenticated attackers with Subscriber-level acce...
CVE-2025-4104 Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator’s email and password, and elevate...
WordPress Frontend Dashboard plugin 1.0-2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation
Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.6...