CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2025/06/06 12:0 a.m.•2 views

WordPress plugin Crawlomatic Multisite Scraper Post Generator 安全漏洞

5.3CVSS5.4AI score0.0026EPSS

RedhatCVE•added 2025/06/05 6:12 a.m.•19 views

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00166EPSS

Patchstack•added 2025/06/05 12:14 a.m.•5 views

WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.2...

4.3CVSS6.7AI score0.00168EPSS

Exploits0Affected Software1

OSV•added 2025/06/03 6:15 a.m.•2 views

CVE-2025-3584

4.8CVSS7.3AI score

CVE•added 2025/06/03 6:0 a.m.•53 views

CVE-2025-3584

The CVE-2025-3584 entry concerns the WordPress Newsletter plugin, affected in versions prior to 8.8.2. The vulnerability arises from insufficient sanitization/escaping of Subscription settings, allowing Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html ...

4.8CVSS5.7AI score0.00166EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2025/06/03 6:0 a.m.•10 views

CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription

5.7AI score0.00166EPSS

Cvelist•added 2025/06/02 6:0 a.m.•15 views

CVE-2025-1485 Real Cookie Banner < 5.1.6 - Admin+ Stored XSS

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...

0.00166EPSS

RedhatCVE•added 2025/05/23 10:30 a.m.•5 views

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

4.8CVSS5.7AI score0.00179EPSS

RedhatCVE•added 2025/05/23 10:28 a.m.•8 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00204EPSS

RedhatCVE•added 2025/05/23 10:18 a.m.•17 views

CVE-2024-2402

The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.6AI score0.00125EPSS

RedhatCVE•added 2025/05/23 10:9 a.m.•4 views

CVE-2024-1589

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.7AI score0.00098EPSS

RedhatCVE•added 2025/05/23 10:6 a.m.•9 views

CVE-2024-2278

Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.7AI score0.00139EPSS

RedhatCVE•added 2025/05/23 10:3 a.m.•5 views

CVE-2024-29910

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2...

6.5CVSS8.6AI score0.00178EPSS

RedhatCVE•added 2025/05/23 9:54 a.m.•4 views

CVE-2024-0951

The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS5.6AI score0.00089EPSS

RedhatCVE•added 2025/05/23 9:54 a.m.•18 views

CVE-2024-0559

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

6.5CVSS5.7AI score0.00319EPSS

RedhatCVE•added 2025/05/23 9:54 a.m.•7 views

CVE-2024-0561

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.4CVSS5.7AI score0.00272EPSS