CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15723 matches found

CVE-2025-15655 WordPress School Management plugin <= 93.2.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...

7.6CVSS5.8AI score

Exploits0References1

CVE•added 14 hours ago•6 views

CVE-2025-15654

CVE-2025-15654 describes a Reflected XSS in the Fox-themes Prague WordPress plugin (≤ 2.2.8). The root cause is improper neutralization of input during web page generation. Affected software is the Prague plugin, with vulnerable versions listed as up to 2.2.8; the issue is classified with CVSS 3....

7.1CVSS5.8AI score

Exploits0References1

Nuclei•added 17 hours ago•26 views

WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure

WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. id: CVE-2022-2373 info: name: WordPress Simply Schedu...

5.3CVSS6.1AI score0.08392EPSS

Exploits2References5

Nuclei•added 17 hours ago•13 views

WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure

Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina versions up to 6.4.5 contain a vulnerability that exposes sensitive information to unauthorized actors, letting attackers access confidential data, exploit requires no specific conditions. id: CVE-2023-44982 info: name:...

7.5CVSS7.1AI score0.12906EPSS

Exploits0References1

Nuclei•added 17 hours ago•34 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

6.1CVSS6.6AI score0.15068EPSS

Exploits2References2

Nuclei•added 17 hours ago•36 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.2AI score0.0068EPSS

Exploits1References4

Nuclei•added 17 hours ago•9 views

WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Reflected XSS.This issue affects Custom 404 Pro: from n/a through 3.11.1. id: CVE-2024-39646 info: name: WordPress Custom 404 Pro = 3.11.1 - Reflected XSS...

7.1CVSS5.8AI score0.03505EPSS

Exploits0References3

Nuclei•added 17 hours ago•5 views

SquirrelMail Address Add 1.4.2 - Cross-Site Scripting

SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

4.3CVSS5.9AI score0.01747EPSS

Exploits2References2

Nuclei•added 17 hours ago•32 views

WordPress Symposium <=15.8.1 - Cross-Site Scripting

WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/getalbumitem.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2015-9414 info: name:...

6.1CVSS6.2AI score0.03076EPSS

Exploits2References5

Nuclei•added 17 hours ago•6 views

WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting

The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6AI score0.17493EPSS

Exploits0References3

Nuclei•added 17 hours ago•11 views

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

7.1CVSS7.3AI score0.12864EPSS

Exploits0References3

Nuclei•added 17 hours ago•29 views

Podcast Channels < 0.28 - Cross-Site Scripting

The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...

6.1CVSS6.2AI score0.02584EPSS

Exploits1References4

Nuclei•added 17 hours ago•3 views

WordPress GamiPress <= 2.5.7 - SQL Injection

The GamiPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.7 due to insufficient escaping on the user supplied parameter '$qv$fieldid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.8CVSS7.3AI score0.2117EPSS

Exploits0References1

Nuclei•added 17 hours ago•6 views

MemberSpace WordPress - Cross-Site Scripting

MemberSpace WordPress plugin 2.1.14 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting unauthenticated attackers execute scripts, exploit requires no authentication. id: CVE-2024-13727 info: name: MemberSpace WordPress - Cross-Site Scripting author: Sourabh-Sah...

6.1CVSS7.4AI score0.00501EPSS

Exploits1References2

Nuclei•added 17 hours ago•12 views

LearnPress < 4.2.6.8.1 - Information Disclosure

LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by incorrect implementation of getitemspermissionscheck function in all versions up to 4.2.6.8, letting unauthenticated attackers extract user emails and basic information. id: CVE-2024-5483 info: name: LearnPress...

5.3CVSS5.7AI score0.05516EPSS

Exploits0References1

Nuclei•added 17 hours ago•31 views

Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS7.3AI score0.21969EPSS

Exploits2References5

Nuclei•added 17 hours ago•14 views

WP Google Maps < 7.10.43 - Cross-Site Scripting

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO. id: CVE-2019-9912 info: name: WP Google Maps 7.10.43 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via t...

6.1CVSS6.3AI score0.00786EPSS

Exploits1References3

Nuclei•added 17 hours ago•7 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

9.8CVSS5.8AI score0.03607EPSS

Exploits8References2

Nuclei•added 17 hours ago•15 views

Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...

8.8CVSS7.3AI score0.1036EPSS

Exploits0References4

Nuclei•added 17 hours ago•10 views

WordPress Backup Migration <= 1.3.6 - Path Traversal

WordPress Backup Migration plugin versions up to 1.3.6 contain a path traversal and file validation issue in handledownloading function, letting unauthenticated attackers download backup files containing sensitive information. id: CVE-2023-6266 info: name: WordPress Backup Migration = 1.3.6 - Pat...

7.5CVSS7.1AI score0.29457EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by