
1698 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-46463

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 7 | EPSS 0.00587
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-49370

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00077
Exploits 0 | References 1
Vulnrichment
added 2025/10/03 11:17 a.m. | 2 views

CVE-2025-9858 Auto Bulb Finder for WordPress <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abfvehicle' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVSS 6.4 | AI score 4.7 | EPSS 0.00032
Exploits 0 | References 3
Cvelist
added 2025/10/03 11:17 a.m. | 7 views

CVE-2025-9080 Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.8 and earlier. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.0004
Exploits 0 | References 4
CNNVD
added 2025/10/03 12:0 a.m. | 5 views

WordPress plugin RestroPress information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An information...

CVSS 9.8 | AI score 6.1 | EPSS 0.09621
Exploits 5 | References 2
Positive Technologies
added 2025/10/03 12:0 a.m. | 2 views

PT-2025-40504

Name of the Vulnerable Software and Affected Versions: Mobile Site Redirect versions up to and including 1.2.1. Description: The Mobile Site Redirect plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows...

CVSS 6.1 | AI score 5.7 | EPSS 0.00012
Exploits 0 | References 5
Vulnrichment
added 2025/10/01 3:25 a.m. | 3 views

CVE-2025-10744 File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure

The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and...

CVSS 5.9 | AI score 5.6 | EPSS 0.00069
Exploits 0 | References 4
Vulnrichment
added 2025/09/30 3:35 a.m. | 1 views

CVE-2025-10128 Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 4.7 | EPSS 0.00035
Exploits 0 | References 2
Positive Technologies
added 2025/09/27 12:0 a.m. | 2 views

PT-2025-39718

Name of the Vulnerable Software and Affected Versions: Professional Contact Form plugin for WordPress versions prior to 1.0.1. Description: The Professional Contact Form plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of proper nonce validation within the...

CVSS 4.3 | AI score 6.2 | EPSS 0.00014
Exploits 0 | References 6
Patchstack
added 2025/09/26 9:51 a.m. | 1 views

WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by Denver Jackson in WordPress Plugin EmailKit versions <= 1.6.0...

CVSS 4.9 | AI score 6.7 | EPSS 0.00054
Exploits 0 | Affected Software 1
CVE
added 2025/09/26 8:31 a.m. | 7 views

CVE-2025-60143

Netgsm plugin for WordPress (Netgsm), versions up to 2.9.58, has a Missing Authorization (Broken Access Control) vulnerability due to incorrectly configured access control levels. The CVE-2025-60143 entry is listed as Unpatched in the provided documents; exploitation status and mitigations are no...

CVSS 4.3 | AI score 5.1 | EPSS 0.00039
Exploits 0 | References 1
CVE
added 2025/09/26 8:31 a.m. | 7 views

CVE-2025-60120

CVE-2025-60120: WP Directory Kit plugin for WordPress had a Missing Authorization vulnerability affecting versions up to 1.4.0, enabling exploitation of access-control misconfigurations. The Wordfence entry confirms patch in 1.4.0. Remediation: upgrade to a version >= 1.4.0 (or apply vendor p...

CVSS 5.3 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 1
Cvelist
added 2025/09/26 8:31 a.m. | 14 views

CVE-2025-60093 WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager download-manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through <= 3.3.24...

CVSS 4.3 | EPSS 0.00016
Exploits 0 | References 1
OSV
added 2025/09/26 7:15 a.m. | 2 views

CVE-2025-10180

The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 6.4 | AI score 5.1
Exploits 0 | References 5
CNNVD
added 2025/09/26 12:0 a.m. | 2 views

WordPress plugin The Tribal cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 2
Patchstack
added 2025/09/22 10:29 p.m. | 6 views

WordPress Uni CPO (Premium) plugin <= 4.9.54 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' vulnerability

Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' vulnerability discovered by Ren Voza in WordPress Plugin Uni CPO Premium versions <= 4.9.54...

CVSS 9.8 | AI score 6.8 | EPSS 0.00864
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/09/22 7:11 p.m. | 6 views

WordPress Append Link on Copy Plugin <= 0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Append Link on Copy versions <= 0.2...

CVSS 5.9 | AI score 6.1 | EPSS 0.00075
Exploits 0 | Affected Software 1
Cvelist
added 2025/09/22 6:26 p.m. | 8 views

CVE-2025-58960 WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS. This issue affects IP Based Login: from n/a through <= 2.4.3...

CVSS 5.9 | EPSS 0.0003
Exploits 0 | References 1
Cvelist
added 2025/09/22 6:26 p.m. | 10 views

CVE-2025-58968 WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through <= 2.1.3...

CVSS 5 | EPSS 0.00038
Exploits 0 | References 1
Cvelist
added 2025/09/22 6:25 p.m. | 11 views

CVE-2025-59584 WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS. This issue affects Penci Podcast: from n/a through <= 1.6...

CVSS 6.5 | EPSS 0.00032
Exploits 0 | References 1