CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

CVE•added 2026/02/19 4:36 a.m.•5 views

CVE-2025-14270

CVE-2025-14270 (OneClick Chat to Order, WordPress) The WordPress plugin is vulnerable to an authorization bypass in versions

2.7CVSS5.5AI score0.00014EPSS

Exploits0References7

Patchstack•added 2026/02/19 12:2 a.m.•5 views

WordPress OneClick Chat to Order plugin <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated Editor+ Plugin Settings Update vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin OneClick Chat to Order versions = 1.0.9...

2.7CVSS5.5AI score0.00014EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/24 3:18 p.m.•3 views

CVE-2026-24542

Cross-Site Request Forgery CSRF vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through = 2.1.0...

4.3CVSS5.3AI score0.00008EPSS

Exploits0References1

Patchstack•added 2026/01/24 1:36 p.m.•5 views

WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin WP Term Order versions = 2.1.0...

4.3CVSS5.9AI score0.00008EPSS

Exploits0Affected Software1

ATTACKERKB•added 2026/01/23 2:28 p.m.•2 views

CVE-2026-24542

Cross-Site Request Forgery CSRF vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through = 2.1.0...

4.3CVSS5.9AI score0.00008EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 9:28 a.m.•4 views

CVE-2023-45072

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kardi Order auto complete for WooCommerce plugin = 1.2.0 versions...

5.9CVSS5.7AI score0.00063EPSS

Exploits0References1

Patchstack•added 2025/11/24 7:27 a.m.•3 views

WordPress OneClick Chat to Order plugin <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md Shofiur Rahman - Pentest Testing Corp in WordPress Plugin OneClick Chat to Order versions = 1.0.8...

7.5CVSS7AI score0.0005EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/11/22 11:8 a.m.•2 views

CVE-2025-13526 OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...

7.5CVSS5.2AI score0.0005EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2009-4712

Malware in sbrugna...

7.5CVSS6.4AI score0.00484EPSS

Exploits1References5

Vulnrichment•added 2025/04/17 3:48 p.m.•5 views

CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...

7.1CVSS5.9AI score0.00219EPSS

Exploits0References1

Cvelist•added 2025/04/01 8:58 p.m.•13 views

CVE-2025-31445 WordPress Pages Order plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from n/a through = 1.1.3...

7.1CVSS0.00219EPSS

Exploits0References1

Vulnrichment•added 2025/04/01 8:58 p.m.•5 views

CVE-2025-31445 WordPress Pages Order plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Pages Order allows Reflected XSS. This issue affects Pages Order: from n/a through 1.1.3...

7.1CVSS6.9AI score0.00219EPSS

Exploits0References1

Patchstack•added 2024/04/05 10:26 a.m.•1 views

WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin WP Sort Order versions = 1.3.1...

8.8CVSS7AI score0.0022EPSS

Exploits0Affected Software1

Vulnrichment•added 2024/01/08 7:0 p.m.•2 views

CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution

The Ni Purchase OrderPO For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...

7AI score0.0056EPSS

Exploits2References1

Positive Technologies•added 2024/01/08 12:0 a.m.•4 views

PT-2024-14851 · WordPress · Ni Purchase Order(Po) For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Ni Purchase OrderPO For WooCommerce WordPress plugin versions 1.2.1 and earlier Description: The issue allows high-privileged users to upload arbitrary files to the web server by not validating logo and signature image files uploaded in t...

7.2CVSS6.8AI score0.0056EPSS

Exploits2References5

Cvelist•added 2023/11/30 4:59 p.m.•20 views

CVE-2023-47521 WordPress Q2W3 Post Order Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8...

7.1CVSS7.2AI score0.00193EPSS

Exploits0References1

CNNVD•added 2023/11/14 12:0 a.m.•1 views

WordPress Plugin OneClick Chat to Order Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin OneClick Chat to Order has...

5.9CVSS6.6AI score0.00127EPSS

Exploits0References2

Positive Technologies•added 2023/10/18 12:0 a.m.•2 views

PT-2023-29391 · WordPress · Kardi Order Auto Complete For Woocommerce

Name of the Vulnerable Software and Affected Versions: Kardi Order auto complete for WooCommerce plugin versions = 1.2.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Kardi...

5.9CVSS5.4AI score0.00063EPSS

Exploits0References4

Patchstack•added 2015/11/23 12:0 a.m.•6 views

WordPress My Link Order Plugin <= 4.3 - Cross Site Scripting (XSS)

Because of this XSS vulnerability, authenticated users can inject HTML or JS code. Vulnerable parameters are "cats" and "hdnCatID". Solution Update the plugin...

0.8AI score

Exploits0References1Affected Software1

Patchstack•added 2015/08/13 12:0 a.m.•8 views

WordPress My Page Order Plugin <= 4.3 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Vulnerable parameters are "pages" and "hdnParentID". Solution Upgrade this plugin...

1.6AI score

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by