15887 matches found
CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection. This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through <= 2.0.9...
CVE-2025-60209
The CVE-2025-60209 issue is a Deserialization of Untrusted Data vulnerability in the WordPress plugin “Connector for Gravity Forms and Google Sheets” (wp-gravity-forms-spreadsheets), affecting versions up to 1.2.6. All connected sources describe it as PHP Object Injection resulting from untrusted...
CVE-2025-60134 WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery. This issue affects WP Media Categories: from n/a through <= 2.1.0...
CVE-2025-60135 WordPress WeShare Buttons Plugin <= 13.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS. This issue affects WeShare Buttons: from n/a through <= 13.0.0...
CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS. This issue affects Video Blogster Lite: from n/a through <= 1.2...
CVE-2025-59575
CVE-2025-59575 affects the MasterStudy LMS WordPress plugin (
CVE-2025-59006 WordPress Easy Woocommerce Customizer plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS. This issue affects Easy Woocommerce Customizer: from n/a through <= 1.0.2...
CVE-2025-58959 WordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal. This issue affects Taskbot: from n/a through <= 6.4...
CVE-2025-53422 WordPress WhatsApp Chat for WordPress and WooCommerce plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS. This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through <= 1.2.1...
CVE-2025-53420
CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...
CVE-2025-53351 WordPress Fidelo Snippet plugin <= 1.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fidelo Software GmbH Fidelo Snippet thebing-snippet allows Reflected XSS. This issue affects Fidelo Snippet: from n/a through <= 1.12...
CVE-2025-53350 WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS. This issue affects Calendar Plus: from n/a through <= 1.2.4...
CVE-2025-53234
CVE-2025-53234 is a reflected Cross‑Site Scripting (XSS) vulnerability in AndonDesign UDesign Core for WordPress, affecting Core/UDesign Core versions up to and including 4.14.0. The root cause is improper neutralization of user input during web page generation, allowing injected scripts via vuln...
CVE-2025-52770
CVE-2025-52770 concerns the WordPress Hello Followers plugin (versions up to and including 2.5). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected component: Hellofollowers plugin; root cause: improper handling...
CVE-2025-52743
CVE-2025-52743 describes a Reflected XSS in the WordPress plugin oik-privacy-policy (bobbingwide) with vulnerable versions up to 1.4.9 per the CVE/NVD/Red Hat entries. Public sources also indicate a remediation path: update to a version greater than 1.4.9 (PatchStack references 1.4.10 and beyond)...
CVE-2025-52738 WordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wikipedia Preview: from n/a through <= 1.15.0...
CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS. This issue affects Finale Lite: from n/a through <= 2.20.0...
CVE-2025-52735 WordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS. This issue affects NextMove Lite: from n/a through <= 2.24.0...
CVE-2025-49945 WordPress Shortcode Generator plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS. This issue affects Shortcode Generator: from n/a through <= 1.1...
CVE-2025-49938
CVE-2025-49938 is a stored Cross-Site Scripting (XSS) vulnerability in CrocoBlock JetEngine (WordPress plugin) up to version 3.7.3. The issue stems from improper input neutralization during web page generation. Impact is consistent with stored XSS on JetEngine pages, with CVSS 3.1 base score 6.5 ...