3459 matches found
CVE-2025-9111
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-8889
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...
CVE-2025-9111 WPBOT < 7.1.0 - Admin+ Stored XSS
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-9111
The CVE-2025-9111 entry applies to the WordPress plugin “AI ChatBot for WordPress” (WPBOT) versions before 7.1.0. The issue is a failure to sufficiently sanitise and escape some settings, which could allow stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...
CVE-2025-8889 Compress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...
CVE-2025-8889
CVE-2025-8889 affects the WordPress plugin Compress & Upload (versions prior to 1.0.5). The root cause is inadequate validation of uploaded files, allowing high-privilege users (e.g., admin) to upload arbitrary files on the server (including in multisite setups). Exploitation details indicate...
PT-2025-36576
Name of the Vulnerable Software and Affected Versions: Compress & Upload WordPress plugin versions prior to 1.0.5 Description: The Compress & Upload WordPress plugin does not properly validate uploaded files, allowing high privilege users, such as administrators, to upload arbitrary files to the...
CVE-2023-3666
The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-3666
CVE-2023-3666 affects the Sticky Side Buttons WordPress plugin prior to version 2.0.0. The issue is Stored XSS caused by insufficient sanitisation/escaping of certain settings, potentially exploitable by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite)...
CVE-2023-3666 Sticky Side Buttons < 2.0.0 - Admin+ Stored XSS
The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5083
The CVE-2025-5083 issue affects the WordPress Amministrazione Trasparente plugin, vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 9.0 due to insufficient input sanitization and output escaping. The vulnerability requires authenticated attackers with administrato...
CVE-2025-5083 Amministrazione Trasparente <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via print_r Function
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
PT-2025-35389
Name of the Vulnerable Software and Affected Versions: Amministrazione Trasparente plugin for WordPress versions prior to 9.1 Description: The Amministrazione Trasparente plugin for WordPress is susceptible to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization a...
CVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
WordPress MultiSite Clone Duplicator plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin MultiSite Clone Duplicator (versions <= 1.5.3)...