CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15796 matches found

Cvelist•added 2025/10/22 2:32 p.m.•8 views

CVE-2025-62024 WordPress Pie Calendar plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through = 1.2.9...

6.5CVSS0.0003EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•1 views

CVE-2025-62022 WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through = 14.3.4...

7.5CVSS6.6AI score0.00046EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-62020

CVE-2025-62020 concerns the WordPress VOD Infomaniak plugin (≤ 1.5.11). The issue is Cross-Site Scripting caused by improper input neutralization during web page generation, affecting Infomaniak vod-infomaniak. Documented impact is XSS with network attack vector and user interaction required; CVS...

7.1CVSS6AI score0.0003EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-62008 WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through = 1.2.4...

8.8CVSS0.00113EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-62005

CVE-2025-62005 is a CSRF vulnerability in WordPress plugin SUMO Memberships for WooCommerce (FantasticPlugins) affecting all versions before 7.8.0. Exploitation could enable a CSRF attack against authenticated users, with the NVD/Wordfence data listing a CVSS v3.1 base score of 7.1 (High) and an ...

7.1CVSS6.5AI score0.00016EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-60232 WordPress KBx Pro Ultimate plugin <= 8.0.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through = 8.0.5...

9.8CVSS0.00097EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-60224

CVE-2025-60224 affects the WordPress Subscribe to Download plugin (versions

9.8CVSS6.6AI score0.00097EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•3 views

CVE-2025-60224 WordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through = 2.0.9...

9.8CVSS6.6AI score0.00097EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•3 views

CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

8.8CVSS6.6AI score0.0002EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•8 views

CVE-2025-60209

The CVE-2025-60209 issue is a Deserialization of Untrusted Data vulnerability in the WordPress plugin “Connector for Gravity Forms and Google Sheets” (wp-gravity-forms-spreadsheets), affecting versions up to 1.2.6. All connected sources describe it as PHP Object Injection resulting from untrusted...

9.8CVSS6.6AI score0.00097EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•6 views

CVE-2025-60135 WordPress WeShare Buttons Plugin <= 13.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through = 13.0.0...

5.9CVSS5.6AI score0.00027EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•10 views

CVE-2025-60134 WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through = 2.1.0...

4.3CVSS0.00017EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through = 1.2...

7.1CVSS6.3AI score0.00016EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•5 views

CVE-2025-59575

CVE-2025-59575 affects the MasterStudy LMS WordPress plugin (

5CVSS6.5AI score0.00039EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-59006 WordPress Easy Woocommerce Customizer plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue affects Easy Woocommerce Customizer: from n/a through = 1.0.2...

7.1CVSS6AI score0.0003EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•9 views

CVE-2025-58959 WordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through = 6.4...

7.7CVSS0.00059EPSS

Exploits0References1

CVE•added 2025/10/22 2:32 p.m.•8 views

CVE-2025-53420

CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...

7.1CVSS6AI score0.00075EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/22 2:32 p.m.•5 views

CVE-2025-53422 WordPress WhatsApp Chat for WordPress and WooCommerce plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS.This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through = 1.2.1...

7.1CVSS6AI score0.0003EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-53350 WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through = 1.2.4...

7.1CVSS6AI score0.00075EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-53351 WordPress Fidelo Snippet plugin <= 1.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fidelo Software GmbH Fidelo Snippet thebing-snippet allows Reflected XSS.This issue affects Fidelo Snippet: from n/a through = 1.12...

7.1CVSS0.00075EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by