CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

Patchstack•added 2026/05/19 12:3 p.m.•5 views

WordPress Sentence To SEO (keywords, description and tags) plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Sentence To SEO keywords, description and tags versions = 1.0...

6.1CVSS5.8AI score0.0002EPSS

Exploits0References1Affected Software1

CVE•added 2026/02/14 6:42 a.m.•10 views

CVE-2026-1901

This CVE entry corresponds to a concrete vulnerability in the WordPress QuestionPro Surveys plugin (versions

6.4CVSS5.8AI score0.00043EPSS

Exploits0References3

Cvelist•added 2025/12/31 7:56 p.m.•22 views

CVE-2025-23707 WordPress En Masse plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matamko En Masse en-masse-wp allows Reflected XSS.This issue affects En Masse: from n/a through = 1.0...

7.1CVSS0.0008EPSS

Exploits0References1

CVE•added 2025/12/31 12:59 p.m.•3 views

CVE-2025-62118

CVE-2025-62118 affects the WordPress AdWords Conversion Tracking Code plugin (versions up to 1.0). The issue is a stored XSS caused by improper input neutralization during web page generation, exploitable when data is stored and later rendered. The Wordfence vulnerability report lists this entry ...

6.5CVSS5.9AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2025/11/12 3:46 a.m.•5 views

CVE-2025-11882

The Simple Donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's simpledonate shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.2AI score0.00032EPSS

Exploits0References1

CVE•added 2025/11/11 3:30 a.m.•8 views

CVE-2025-11882

CVE-2025-11882 affects the WordPress plugin Simple Donate (versions

6.4CVSS4.9AI score0.00032EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-31212

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00051EPSS

Exploits0References1

CVE•added 2025/09/05 1:45 p.m.•7 views

CVE-2025-58851

CVE-2025-58851 concerns the WordPress plugin Boxed Content (Boxed Content,

6.5CVSS5.9AI score0.00047EPSS

Exploits0References1

CVE•added 2025/06/20 3:4 p.m.•15 views

CVE-2025-49966

CVE-2025-49966 identifies a CSRF vulnerability in WordPress plugin Oganro Travel Portal Search Widget for HotelBeds APITUDE API (versions up to and including 1.0). The issue affects the plugin from unknown start to 1.0; CVSS v3.1 score 4.3 (Network attack, user interaction required). Exploitation...

4.3CVSS5.9AI score0.00084EPSS

Exploits0References1

Vulnrichment•added 2025/06/20 3:4 p.m.•3 views

CVE-2025-49966 WordPress Oganro Travel Portal Search Widget for HotelBeds APITUDE API plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0...

4.3CVSS4.6AI score0.00084EPSS

Exploits0References1

Cvelist•added 2025/06/20 3:4 p.m.•9 views

CVE-2025-49966 WordPress Oganro Travel Portal Search Widget for HotelBeds APITUDE API plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API oganro-travel-portal-search-widget-for-hotelbeds-apitude-api allows Cross Site Request Forgery.This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from...

4.3CVSS0.00084EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:17 a.m.•2 views

CVE-2023-30477

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Essitco AFFILIATE Solution plugin = 1.0 versions...

5.9CVSS5.2AI score0.00079EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:12 a.m.•2 views

CVE-2023-23806

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Davinder Singh Custom Settings plugin = 1.0 versions...

5.9CVSS5.6AI score0.00207EPSS

Exploits0References1

CVE•added 2025/01/15 3:23 p.m.•53 views

CVE-2025-22731

CVE-2025-22731 concerns a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Build Private Store For Woocommerce (artifact name silverplugins217). Affected are versions n/a through 1.0. The available documents describe the issue as CSRF in this plugin but do not provide explo...

4.3CVSS7.2AI score0.00199EPSS

Exploits0References1

CNNVD•added 2025/01/15 12:0 a.m.•2 views

WordPress plugin WP News Sliders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.2AI score0.00211EPSS

Exploits0References1

Vulnrichment•added 2025/01/02 9:18 a.m.•7 views

CVE-2024-56034 WordPress Services updates for customers plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Irshad Services updates for customers allows Reflected XSS.This issue affects Services updates for customers: from n/a through 1.0...

7.1CVSS7AI score0.00195EPSS

Exploits0References1

Vulnrichment•added 2024/12/16 2:13 p.m.•7 views

CVE-2024-54409 WordPress XPD Reduce Image Filesize plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0...

7.1CVSS6.8AI score0.00105EPSS

Exploits0References1

Positive Technologies•added 2024/09/26 12:0 a.m.•2 views

PT-2024-11712 · WordPress · Wordpress Visitors

Name of the Vulnerable Software and Affected Versions: WordPress Visitors plugin for WordPress version 1.0 Description: The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value due to insufficient input sanitization and output...

7.2CVSS6.5AI score0.01684EPSS

Exploits0References10

Positive Technologies•added 2024/09/11 12:0 a.m.•1 views

PT-2024-38637 · WordPress · Simple Headline Rotator

Name of the Vulnerable Software and Affected Versions: The Simple Headline Rotator WordPress plugin version 1.0 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Store...

6.1CVSS5.7AI score0.00182EPSS

Exploits1References7

CNNVD•added 2024/01/08 12:0 a.m.•1 views

WordPress Plugin WP Blogs Planetarium Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.7AI score0.0022EPSS

Exploits2References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by