CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

EUVD•added 2026/05/05 9:31 a.m.•4 views

EUVD-2026-27225

The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that...

6.5CVSS5.9AI score0.00017EPSS

Exploits0References9

EUVD•added 2026/04/22 9:31 a.m.•2 views

EUVD-2026-24652

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...

6.4CVSS5.9AI score0.00027EPSS

Exploits0References10

Vulnrichment•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-4088 Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS5.9AI score0.00027EPSS

Exploits0References9

ATTACKERKB•added 2026/04/10 3:35 a.m.•1 views

CVE-2026-2305

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfcheadcode, aFhfcbodycode, and aFhfcfootercode post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

6.4CVSS6.1AI score0.00055EPSS

Exploits0References9

CNNVD•added 2026/04/10 12:0 a.m.•2 views

WordPress plugin AddFunc Head & Footer Code 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00055EPSS

Exploits0References8

Patchstack•added 2026/02/18 12:39 a.m.•7 views

WordPress Video Share VOD plugin <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Custom Field Meta Values vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Video Share VOD versions = 2.7.11...

4.4CVSS5.5AI score0.00011EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•7 views

EUVD-2023-33931

Malicious code in bioql PyPI...

6.5CVSS7.3AI score0.00294EPSS

Exploits2References3

RedhatCVE•added 2025/05/03 4:7 a.m.•15 views

CVE-2025-2168

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect non...

4.3CVSS6.6AI score0.00051EPSS

Exploits0References1

RedhatCVE•added 2025/04/14 6:40 a.m.•15 views

CVE-2025-3418

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...

8.8CVSS7.2AI score0.0034EPSS

Exploits0References1

CVE•added 2025/03/14 4:22 a.m.•52 views

CVE-2025-1528

CVE-2025-1528 affects WordPress Plug-in: Search & Filter Pro up to version 2.5.19, due to missing capability check in get_meta_values, allowing authenticated users with Subscriber+ to read arbitrary post Meta. Public references indicate a security release addressing this in 2.5.20. Affected produ...

4.3CVSS4.4AI score0.00076EPSS

Exploits0References2

Cvelist•added 2024/09/11 3:31 a.m.•18 views

CVE-2024-8253 Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers...

8.8CVSS0.01576EPSS

Exploits0References4

WPVulnDB•added 2023/11/29 12:0 a.m.•23 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...

4.3CVSS6.3AI score0.00125EPSS

Exploits1References1Affected Software1

OSV•added 2023/11/28 5:15 a.m.•4 views

CVE-2023-6225

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS5.9AI score

Exploits0References3

Prion•added 2023/11/22 8:15 a.m.•30 views

Information disclosure

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

4CVSS5.8AI score0.00294EPSS

Exploits2References3Affected Software1

Cvelist•added 2023/11/22 7:32 a.m.•27 views

CVE-2023-2446 UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode

6.5CVSS6.9AI score0.00294EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by