CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

Liferay Portal & DXP - Cross-Site Scripting

Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entrycoverimagecaption.jsp, letting remote non-authenticated attackers inject JavaScript. id: CVE-2025-4576 info: name: Liferay Portal & DXP - Cross-Site...

6.9CVSS5.8AI score0.05581EPSS

Exploits0References2

RedhatCVE•added 2026/04/13 7:25 p.m.•3 views

CVE-2026-39693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...

5.9CVSS5.8AI score0.00036EPSS

Exploits0References1

EUVD•added 2026/04/08 9:31 a.m.•1 views

EUVD-2026-20389

5.9AI score0.00036EPSS

Exploits0References2

NVD•added 2026/04/08 9:16 a.m.•2 views

CVE-2026-39693

5.9CVSS0.00036EPSS

Exploits0References1

CVE•added 2026/04/08 8:30 a.m.•4 views

CVE-2026-39693

CVE-2026-39693 affects the WordPress plugin FSM Custom Featured Image Caption by fesomia, with a DOM-Based XSS due to improper neutralization of input during web page generation. Affected versions are up to and including 1.25.1 . Red Hat/NVD/CVE records also confirm the issue and indicate the imp...

5.9CVSS5.9AI score0.00036EPSS

Exploits0References1

Cvelist•added 2026/04/08 8:30 a.m.•21 views

CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability

5.9CVSS0.00036EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39693

5.9AI score0.00036EPSS

Exploits0References2

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability

5.8AI score0.00036EPSS

Exploits0References1

CNNVD•added 2026/04/08 12:0 a.m.•2 views

WordPress plugin FSM Custom Featured Image Caption 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00036EPSS

Exploits0References1

Positive Technologies•added 2026/04/08 12:0 a.m.•1 views

PT-2026-31255

Name of the Vulnerable Software and Affected Versions fesomia FSM Custom Featured Image Caption versions through 1.25.1 Description A DOM-Based Cross-Site Scripting XSS issue exists in the fesomia FSM Custom Featured Image Caption plugin. This allows for improper neutralization of input during we...

5.8AI score0.00036EPSS

Exploits0References4

Patchstack•added 2026/01/26 6:56 p.m.•6 views

WordPress Meta-box GalleryMeta plugin <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Image Caption vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Meta-box GalleryMeta versions = 3.0.1...

4.4CVSS5.9AI score0.00046EPSS

Exploits1References1Affected Software1

Patchstack•added 2025/12/15 1:30 p.m.•3 views

WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Image Caption Hover Pro versions 20.0...

5.3CVSS7AI score0.00051EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/12/10 2:23 p.m.•1 views

CVE-2025-67562

Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through 20.0...

5.4CVSS7AI score0.00051EPSS

Exploits0References1

NVD•added 2025/12/09 4:18 p.m.•3 views

CVE-2025-67562

5.4CVSS0.00051EPSS

Exploits0References1

CVE•added 2025/12/09 2:14 p.m.•3 views

CVE-2025-67562

CVE-2025-67562 involves a Missing Authorization vulnerability in Image Caption Hover Pro (image-caption-hover-pro), where Access Control is incorrectly configured, potentially allowing access to restricted resources. Affected: Image Caption Hover Pro versions

5.4CVSS6.6AI score0.00051EPSS

Exploits0References1

Cvelist•added 2025/12/09 2:14 p.m.•20 views

CVE-2025-67562 WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability

5.4CVSS0.00051EPSS

Exploits0References1

Vulnrichment•added 2025/12/09 2:14 p.m.•2 views

CVE-2025-67562 WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability

5.4CVSS6.6AI score0.00051EPSS

Exploits0References1

CNNVD•added 2025/12/09 12:0 a.m.•1 views

WordPress plugin Image Caption Hover Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS6.6AI score0.00051EPSS

Exploits0References1

Positive Technologies•added 2025/12/09 12:0 a.m.•1 views

PT-2025-49936

Name of the Vulnerable Software and Affected Versions Image Caption Hover Pro versions prior to 20.0 Description An authorization issue exists in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro, allowing exploitation due to incorrectly configured access control security levels...

5.3CVSS6.6AI score0.00051EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-23996

Malicious code in bioql PyPI...

6.9CVSS6.3AI score0.05581EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by