CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/07/16 6:15 a.m.•4 views

CVE-2025-2799

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes i...

4.8CVSS5.9AI score0.00205EPSS

Packet Storm•added 2025/07/16 12:0 a.m.•102 views

📄 WordPress WP Publications 1.2 Cross Site Scripting

WordPress WP Publication plugin version 1.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS Google Dork: inurl:/wp-content/plugins/wp-publications/ Date: 2025-07-15 Exploit Author: Zeynalxan Quliyev Vendor Homepage:...

4.8CVSS6.6AI score0.0116EPSS

Exploits3

OSV•added 2025/06/26 3:15 a.m.•1 views

CVE-2025-5275

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping...

4CVSS5.9AI score0.00181EPSS

OSV•added 2025/06/19 6:15 a.m.•1 views

CVE-2025-5490

The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.8CVSS5.9AI score0.00214EPSS

OSV•added 2025/06/09 6:15 a.m.•3 views

CVE-2025-3581

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

4.8CVSS5.8AI score0.0022EPSS

CVE•added 2025/06/09 6:0 a.m.•106 views

CVE-2025-3582

CVE-2025-3582 affects the Newsletter WordPress plugin prior to version 8.85. The issue arises from inadequate sanitisation/escaping of Form settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Public sources in the provid...

4.8CVSS5.4AI score0.0022EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/06/09 6:0 a.m.•16 views

CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget

0.0022EPSS

NVD•added 2025/06/06 1:15 p.m.•5 views

CVE-2025-49294

Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through =...

5.3CVSS0.00306EPSS

Vulnrichment•added 2025/06/06 12:53 p.m.•4 views

CVE-2025-49293 WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2...

4.3CVSS7.1AI score0.00236EPSS

CNNVD•added 2025/06/06 12:0 a.m.•3 views

WordPress plugin Crawlomatic Multisite Scraper Post Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

5.3CVSS5.4AI score0.00306EPSS

CNNVD•added 2025/06/06 12:0 a.m.•2 views

WordPress plugin Crawlomatic Multisite Scraper Post Generator 安全漏洞

4.3CVSS4.9AI score0.00236EPSS

RedhatCVE•added 2025/06/05 6:12 a.m.•22 views

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.0021EPSS

Patchstack•added 2025/06/05 12:14 a.m.•6 views

WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.2...

4.3CVSS6.7AI score0.00236EPSS

Exploits0Affected Software1

OSV•added 2025/06/03 6:15 a.m.•3 views

CVE-2025-3584

4.8CVSS7.3AI score0.0021EPSS

Vulnrichment•added 2025/06/03 6:0 a.m.•10 views

CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription

5.7AI score0.0021EPSS

CVE•added 2025/06/03 6:0 a.m.•54 views

CVE-2025-3584

The CVE-2025-3584 entry concerns the WordPress Newsletter plugin, affected in versions prior to 8.8.2. The vulnerability arises from insufficient sanitization/escaping of Subscription settings, allowing Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html ...

4.8CVSS5.7AI score0.0021EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/06/02 6:0 a.m.•17 views

CVE-2025-1485 Real Cookie Banner < 5.1.6 - Admin+ Stored XSS

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...

0.0021EPSS