CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15852 matches found

Vulnrichment•added 2025/10/22 2:32 p.m.•4 views

CVE-2025-52738 WordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through = 1.15.0...

6.5CVSS5.1AI score0.00281EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...

7.1CVSS0.00214EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•10 views

CVE-2025-52735 WordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through = 2.24.0...

7.1CVSS0.00283EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-49945 WordPress Shortcode Generator plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through = 1.1...

7.1CVSS6AI score0.00283EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•12 views

CVE-2025-49938

CVE-2025-49938 is a stored Cross-Site Scripting (XSS) vulnerability in CrocoBlock JetEngine (WordPress plugin) up to version 3.7.3. The issue stems from improper input neutralization during web page generation. Impact is consistent with stored XSS on JetEngine pages, with CVSS 3.1 base score 6.5 ...

6.5CVSS5.9AI score0.00203EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-49933 WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through = 2.4.4...

6.5CVSS5.2AI score0.00203EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•28 views

CVE-2025-49931

Summary: CVE-2025-49931 affects CrocoBlock JetSearch (JetSearch) WordPress plugin versions through 3.5.10. The flaw is an improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected component is the JetSearch PHP/SQL handling path (the credentialed root cau...

9.3CVSS5.9AI score0.00388EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-49922

The CVE-2025-49922 entry concerns the WordPress WPeMatico RSS Feed Fetcher plugin (

4.3CVSS6.6AI score0.00215EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-49921

CVE-2025-49921 describes an Local File Inclusion (LFI) in the WordPress JetReviews plugin ≤ 3.0.0 due to improper control of the filename in include/require statements, enabling potential local file exposure. The issue affects JetReviews versions up to 3.0.0. Remediation recommended: update JetRe...

7.5CVSS5.9AI score0.00448EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•1 views

CVE-2025-49906 WordPress WPComplete plugin <= 2.9.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through = 2.9.5.3...

5.3CVSS6.6AI score0.00313EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-49377 WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through = 1.1.9...

6.3CVSS6.6AI score0.0022EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•8 views

CVE-2025-49377 WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability

6.3CVSS0.0022EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•1 views

CVE-2025-49373 WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery.This issue affects Evergreen Content Poster: from n/a through = 1.4.5...

4.3CVSS6.5AI score0.00128EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-48092 WordPress Fix Multiple Redirects plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jurajpuchky Fix Multiple Redirects fix-multiple-redirects allows Reflected XSS.This issue affects Fix Multiple Redirects: from n/a through = 1.2.3...

7.1CVSS0.00274EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-48091

CVE-2025-48091 affects WordPress AnyComment plugin up to version 0.3.6. Multiple connected sources (CNVD-2025-25836, RH:CVE-2025-48091, PT-2025-43154) attribute SQL Injection to improper neutralization of external SQL elements in AnyComment, enabling arbitrary SQL execution and potential data exp...

8.5CVSS7.3AI score0.00386EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•1 views

CVE-2025-48091 WordPress AnyComment plugin <= 0.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through = 0.3.6...

8.5CVSS7.3AI score0.00386EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-39534 WordPress Terms Dictionary Plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Somonator Terms Dictionary terms-dictionary allows Reflected XSS.This issue affects Terms Dictionary: from n/a through = 1.5.1...

7.1CVSS0.00274EPSS

Exploits0References1

EUVD•added 2025/10/22 11:25 a.m.•3 views

EUVD-2025-35359

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. Th...

8.1CVSS5.8AI score0.00367EPSS

Exploits0References4

NVD•added 2025/10/22 9:15 a.m.•5 views

CVE-2025-11883

The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS0.00211EPSS

Exploits0References3

Cvelist•added 2025/10/22 8:27 a.m.•8 views

CVE-2025-11819 WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00211EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by