CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

279 matches found

WordPress Page Builder KingComposer <=2.9.6 - Open Redirect

WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action which is available to both unauthenticated and authenticated users. id: CVE-2022-0165 info: name: WordPress Page Builder KingComposer =2.9.7 to...

6.1CVSS6.4AI score0.49041EPSS

Exploits4References5

Patchstack•added 3 days ago•3 views

WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin King Addons for Elementor versions = 51.1.62...

5.8AI score

Exploits0Affected Software1

Nuclei•added 3 days ago•227 views

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

10CVSS7.8AI score0.94248EPSS

Exploits6References5

Nuclei•added 2026/05/12 8:3 a.m.•117 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.5AI score0.94352EPSS

Exploits1References5

RedhatCVE•added 2026/04/02 4:56 p.m.•2 views

CVE-2025-13535

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

6.4CVSS6AI score0.00073EPSS

Exploits0References1

EUVD•added 2026/04/01 3:31 p.m.•1 views

EUVD-2025-209162

6.4CVSS6AI score0.00073EPSS

Exploits0References12

NVD•added 2026/04/01 3:16 p.m.•0 views

CVE-2025-13535

6.4CVSS0.00073EPSS

Exploits0References11

Vulnrichment•added 2026/04/01 2:37 p.m.•1 views

CVE-2025-13535 King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets

6.4CVSS6AI score0.00073EPSS

Exploits0References11

CVE•added 2026/04/01 2:37 p.m.•8 views

CVE-2025-13535

CVE-2025-13535 – King Addons for Elementor (WordPress) is a DOM-Based Stored Cross-Site Scripting vulnerability affecting all versions up to 51.1.38. The root cause is inadequate input sanitization and output escaping across multiple widgets/features. The plugin uses esc_attr() and esc_url() insi...

6.4CVSS6AI score0.00073EPSS

Exploits0References11

Cvelist•added 2026/04/01 2:37 p.m.•20 views

CVE-2025-13535 King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets

6.4CVSS0.00073EPSS

Exploits0References11

Patchstack•added 2026/04/01 2:35 a.m.•3 views

WordPress King Addons for Elementor plugin <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin King Addons for Elementor versions = 51.1.53...

6.4CVSS5.9AI score0.00073EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/01 12:0 a.m.•2 views

WordPress plugin King Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00073EPSS

Exploits0References11

RedhatCVE•added 2026/03/26 5:3 p.m.•0 views

CVE-2026-25371

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...

9.3CVSS5.9AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:13 p.m.•1 views

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3CVSS5.8AI score0.00043EPSS

Exploits0References1

CNVD•added 2026/03/26 12:0 a.m.•1 views

WordPress Plugin King Addons for Elementor Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin King Addons for Elemento...

5.3CVSS5.7AI score0.00043EPSS

Exploits0

EUVD•added 2026/03/25 6:31 p.m.•0 views

EUVD-2026-15691

5.9AI score0.00045EPSS

Exploits0References2

NVD•added 2026/03/25 5:16 p.m.•1 views

CVE-2026-25371

9.3CVSS0.00045EPSS

Exploits0References1

Patchstack•added 2026/03/24 3:19 p.m.•3 views

WordPress King Addons for Elementor plugin <= 51.1.49 - Unauthenticated API Keys Disclosure vulnerability