CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

15745 matches found

CNNVD•added 2025/12/30 12:0 a.m.•2 views

WordPress plugin WING WordPress Migrator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

9.6CVSS5.7AI score0.00018EPSS

Exploits0References1

CNVD•added 2025/12/30 12:0 a.m.•2 views

WordPress PowerPack Pro for Elementor plugin missing license vulnerability

WordPress PowerPack Pro for Elementor plugin is an Elementor page builder extension plugin designed for the WordPress platform. A lack of authorization vulnerability exists in WordPress PowerPack Pro for Elementor plugin, which can be exploited by an attacker to leverage a misconfigured access...

7.5CVSS6.8AI score0.00154EPSS

Exploits0References1

CNNVD•added 2025/12/30 12:0 a.m.•1 views

WordPress plugin DesignThemes Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.7AI score0.00024EPSS

Exploits0References1

CNNVD•added 2025/12/30 12:0 a.m.•0 views

WordPress plugin Poptics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS5.8AI score0.00034EPSS

Exploits0References1

CNVD•added 2025/12/30 12:0 a.m.•3 views

WordPress Draft Notify plugin cross-site scripting vulnerability

WordPress Draft Notify plugin is a WordPress plugin for managing draft notifications on your WordPress site. The WordPress Draft Notify plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...

5.4CVSS6.1AI score0.00027EPSS

Exploits0References1

Vulnrichment•added 2025/12/29 11:51 p.m.•2 views

CVE-2025-23554 WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS.This issue affects Off Page SEO: from n/a through = 3.0.3...

7.1CVSS8.6AI score0.0008EPSS

Exploits0References1

Vulnrichment•added 2025/12/29 11:32 p.m.•1 views

CVE-2025-23458 WordPress Ads24 Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0...

7.1CVSS6AI score0.0008EPSS

Exploits0References1

CVE•added 2025/12/29 11:10 p.m.•9 views

CVE-2025-68499

CVE-2025-68499 describes a DOM-Based XSS in Crocoblock’s JetTabs WordPress plugin (JetTabs) up to version 2.2.12. The issue arises from improper neutralization of input during web page generation, enabling stored XSS when a user interacts with JetTabs. Affected software: Crocoblock JetTabs (WordP...

6.5CVSS5.9AI score0.00024EPSS

Exploits0References1

Cvelist•added 2025/12/29 9:15 p.m.•24 views

CVE-2025-68503 WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through = 2.4.7...

6.5CVSS0.00032EPSS

Exploits0References1

Vulnrichment•added 2025/12/29 9:10 p.m.•1 views

CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5...

6.5CVSS5.6AI score0.00024EPSS

Exploits0References1

Cvelist•added 2025/12/29 9:10 p.m.•22 views

CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...

6.5CVSS0.00024EPSS

Exploits0References1

Cvelist•added 2025/12/29 4:0 p.m.•24 views

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

7.1CVSS0.00025EPSS

Exploits0References1

Vulnrichment•added 2025/12/29 4:0 p.m.•1 views

CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

7.1CVSS5.7AI score0.00025EPSS

Exploits0References1

Patchstack•added 2025/12/29 12:31 p.m.•3 views

WordPress Flaming Password Reset plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Flaming Password Reset versions = 1.0.3...

5.4CVSS6.1AI score0.00024EPSS

Exploits0Affected Software1

Patchstack•added 2025/12/28 5:14 a.m.•3 views

WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Arif Shaikh in WordPress Plugin Theater for WordPress versions = 0.19...

4.3CVSS7AI score0.0003EPSS

Exploits0Affected Software1

Patchstack•added 2025/12/27 10:35 p.m.•3 views

WordPress WC Builder plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin WC Builder versions = 1.2.0...

5.4CVSS5.8AI score0.00029EPSS

Exploits0Affected Software1

CNVD•added 2025/12/26 12:0 a.m.•0 views

WordPress Vimeotheque Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

8.8CVSS5.7AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2025/12/25 1:23 p.m.•2 views

CVE-2025-68599

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.4...

6.5CVSS6AI score0.00029EPSS

Exploits0References1

Patchstack•added 2025/12/25 11:35 a.m.•3 views

WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions = 1.0.0...

7.5CVSS6.7AI score0.00108EPSS

Exploits0Affected Software1

Patchstack•added 2025/12/24 7:33 p.m.•3 views

WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin YITH Slider for page builders versions = 1.0.11...

8.1CVSS6.7AI score0.00034EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by