
849 matches found

CNNVD
added 2025/05/21 12:0 a.m. · 1 view

WordPress plugin Splitit security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.4 CVSS · 5.3 AI score · 0.00231 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/05/15 12:0 a.m. · 2 views

PT-2025-21380 · WordPress · Wp-Reply Notify

Name of the Vulnerable Software and Affected Versions: WP-Reply Notify WordPress plugin versions 1.1 and earlier
Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

4.3 CVSS · 9.2 AI score · 0.00176 EPSS
Exploits 2 · References 4

Vulnrichment
added 2025/05/14 2:23 a.m. · 4 views

CVE-2025-4520 Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to...

5.4 CVSS · 5.3 AI score · 0.00266 EPSS
Exploits 0 · References 2

Cvelist
added 2025/05/14 2:23 a.m. · 41 views

CVE-2025-4520 Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to...

5.4 CVSS · 0.00266 EPSS
Exploits 0 · References 2

OSV
added 2025/05/08 7:15 a.m. · 3 views

CVE-2025-4127

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4 CVSS · 5.9 AI score · 0.00223 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/05/08 6:39 a.m. · 7 views

CVE-2025-4127 WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS · 5.7 AI score · 0.00223 EPSS
Exploits 0 · References 3

CVE
added 2025/05/08 6:39 a.m. · 65 views

CVE-2025-4127

CVE-2025-4127 affects the WP SEO Structured Data Schema WordPress plugin. Versions up to 2.7.11 are vulnerable to a Stored Cross-Site Scripting (XSS) via the Price Range parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributo...

6.4 CVSS · 5.7 AI score · 0.00223 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2025/05/06 12:0 a.m. · 3 views

WordPress plugin Search Exclude security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 8 AI score · 0.00289 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/04 3:59 a.m. · 16 views

CVE-2024-13420

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsfresetsectionoptions', 'gsfresetsectionoptions', 'gsfcreatepresetoptions' and more in various versions. This makes it possible for authenticated...

4.3 CVSS · 6.5 AI score · 0.002 EPSS
Exploits 0 · References 1

NVD
added 2025/05/02 4:15 a.m. · 11 views

CVE-2024-13419

Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...

6.4 CVSS · 0.00164 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/05/02 12:0 a.m. · 3 views

PT-2025-18753 · WordPress · Smart Framework

Name of the Vulnerable Software and Affected Versions: WordPress plugins and/or themes using Smart Framework (affected versions not specified)
Description: The issue is related to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions. This...

6.4 CVSS · 8.1 AI score · 0.00164 EPSS
Exploits 0 · References 8

Positive Technologies
added 2025/04/17 12:0 a.m. · 3 views

PT-2025-16937 · WordPress · The Ultimate Dashboard

Name of the Vulnerable Software and Affected Versions: The Ultimate Dashboard WordPress plugin versions prior to 3.8.6
Description: The issue concerns a Stored Cross-Site Scripting vulnerability. It arises because the plugin does not properly sanitise and escape some of its settings, allowing...

3.5 CVSS · 4.6 AI score · 0.00219 EPSS
Exploits 1 · References 8

RedhatCVE
added 2025/04/14 7:1 a.m. · 11 views

CVE-2024-13337

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcrclearfy' page. This makes it possibl...

4.3 CVSS · 6.7 AI score · 0.0017 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/04/12 6:37 a.m. · 7 views

CVE-2024-13337 Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy'

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcrclearfy' page. This makes it possibl...

4.3 CVSS · 6.7 AI score · 0.0017 EPSS
Exploits 0 · References 3

Patchstack
added 2025/04/02 10:47 a.m. · 7 views

WordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerability

Settings Change vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WP Video Playlist versions <= 1.1.2...

6.5 CVSS · 8.4 AI score · 0.00247 EPSS
Exploits 0 · Affected Software 1

Cvelist
added 2025/03/22 6:41 a.m. · 12 views

CVE-2025-0807 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update

The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citssettingstab function. This makes it possible for...

4.3 CVSS · 0.00133 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/03/15 9:57 p.m. · 10 views

CVE-2025-26899 WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce (recapture-for-woocommerce) allows Cross Site Request Forgery. This issue affects Recapture for WooCommerce: from n/a through <= 1.0.43...

6.5 CVSS · 8.5 AI score · 0.00168 EPSS
Exploits 0 · References 1

OSV
added 2025/03/08 6:15 a.m. · 3 views

CVE-2024-13826

The Email Keep WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

5.4 CVSS · 7.3 AI score · 0.00152 EPSS
Exploits 1 · References 1

NVD
added 2025/02/19 8:15 a.m. · 5 views

CVE-2025-0865

The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wpmcmhandleactionsettings function. This makes it possible for unauthenticated attackers to alter plugin settings...

6.5 CVSS · 0.00258 EPSS
Exploits 0 · References 6

Vulnrichment
added 2025/02/19 7:32 a.m. · 5 views

CVE-2025-0865 WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update

The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wpmcmhandleactionsettings function. This makes it possible for unauthenticated attackers to alter plugin settings...

6.5 CVSS · 6.2 AI score · 0.00258 EPSS
Exploits 0 · References 6