CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15891 matches found

EUVD•added 2025/10/06 6:32 a.m.•20 views

EUVD-2025-32492

The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability...

4.3CVSS5.7AI score0.00162EPSS

Exploits0References3

RedhatCVE•added 2025/10/04 11:53 a.m.•6 views

CVE-2025-10192

The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5AI score0.00271EPSS

Exploits0References1

RedhatCVE•added 2025/10/04 11:53 a.m.•14 views

CVE-2025-9892

The Restrict User Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the update function. This makes it possible for unauthenticated attackers to update the plugin's...

5.3CVSS5.2AI score0.00143EPSS

Exploits0References1

RedhatCVE•added 2025/10/04 11:53 a.m.•17 views

CVE-2025-9858

The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abfvehicle' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5AI score0.00216EPSS

Exploits0References1

Vulnrichment•added 2025/10/04 2:24 a.m.•2 views

CVE-2025-9243 Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the getccorders and updateorderstatus functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with...

8.1CVSS4.8AI score0.00279EPSS

Exploits0References3

CNNVD•added 2025/10/04 12:0 a.m.•3 views

WordPress plugin WP Photo Album Plus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

5.4CVSS5.9AI score0.00191EPSS

Exploits0References3