28 matches found

RedhatCVE
added 2026/01/09 9:25 a.m. · 7 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.8 · AI score 5.7 · EPSS 0.00171
Exploits 0 · References 1

EUVD
added 2025/12/20 6:30 a.m. · 1 view

EUVD-2025-204629

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

CVSS 5.3 · AI score 4.9 · EPSS 0.00065
Exploits 0 · References 3

Cvelist
added 2025/12/20 3:20 a.m. · 16 views

CVE-2025-12898 Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

CVSS 5.3 · EPSS 0.00065
Exploits 0 · References 3

CVE
added 2025/12/20 3:20 a.m. · 8 views

CVE-2025-12898

CVE-2025-12898 is a published vulnerability affecting the Pretty Google Calendar plugin for WordPress. The connected Wordfence report confirms a missing capability check in pgcal_ajax_handler() that allowed unauthenticated access and enabled retrieval of the plugin’s Google API key from settings ...

CVSS 5.3 · AI score 5 · EPSS 0.00065
Exploits 0 · References 3

Positive Technologies
added 2025/12/20 12:0 a.m. · 1 view

PT-2025-52535

Name of the Vulnerable Software and Affected Versions: Pretty Google Calendar plugin for WordPress versions prior to 2.0.1 Description: The Pretty Google Calendar plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the pgcal ajax handler...

CVSS 5.3 · AI score 6.2 · EPSS 0.00065
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2023-58989

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 8.8 · EPSS 0.02631
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 2:5 a.m. · 6 views

CVE-2023-6777

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 6.5 · AI score 6.8 · EPSS 0.02631
Exploits 0 · References 1

Cvelist
added 2024/07/20 6:43 a.m. · 21 views

CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.3 · EPSS 0.00145
Exploits 0 · References 2

Vulnrichment
added 2024/07/20 6:43 a.m. · 10 views

CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.3 · AI score 6.4 · EPSS 0.00145
Exploits 0 · References 2

Positive Technologies
added 2024/07/20 12:0 a.m. · 2 views

PT-2024-37663 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the get google api key function. This makes it possible...

CVSS 5.3 · AI score 6.5 · EPSS 0.00145
Exploits 0 · References 7

Patchstack
added 2024/07/15 2:25 a.m. · 2 views

WordPress Smart Image Gallery plugin < 1.0.19 - Update/Delete Google API Key via CSRF vulnerability

Update/Delete Google API Key via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Smart Image Gallery versions 1.0.19...

CVSS 6.8 · AI score 7 · EPSS 0.00163
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2024/07/13 6:0 a.m. · 13 views

CVE-2024-3632 Smart Image Gallery < 1.0.19 - Update/Delete Google API Key via CSRF

The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

AI score 6.8 · EPSS 0.00163
Exploits 1 · References 1

NVD
added 2024/04/09 7:15 p.m. · 9 views

CVE-2023-6777

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 6.5 · AI score 5.2 · EPSS 0.02631
Exploits 0 · References 2

OSV
added 2024/04/09 7:15 p.m. · 0 views

CVE-2023-6777

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 6.5 · AI score 7.3
Exploits 0 · References 2

Cvelist
added 2024/04/09 6:58 p.m. · 17 views

CVE-2023-6777 WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 5.3 · AI score 5.5 · EPSS 0.02631
Exploits 0 · References 2

Vulnrichment
added 2024/04/09 6:58 p.m. · 11 views

CVE-2023-6777 WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 5.3 · AI score 7.2 · EPSS 0.02631
Exploits 0 · References 2

Positive Technologies
added 2024/04/09 12:0 a.m. · 1 view

PT-2024-15080 · WordPress · Wp Go Maps

Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions up to, and including, 9.0.34 Description: The issue allows unauthenticated attackers to obtain the developer's Google API key due to the plugin adding the API key to several plugin files. This does not...

CVSS 6.5 · AI score 9.5 · EPSS 0.02631
Exploits 0 · References 7

OSV
added 2023/10/20 8:15 a.m. · 0 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.8 · AI score 7.3
Exploits 0 · References 2

Vulnrichment
added 2023/10/20 7:29 a.m. · 6 views

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 · AI score 6.7 · EPSS 0.00171
Exploits 0 · References 2

Cvelist
added 2023/10/20 7:29 a.m. · 15 views

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 · AI score 4.8 · EPSS 0.00171
Exploits 0 · References 2