
33447 matches found

Nuclei
added 13 hours ago | 18 views

User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. id: CVE-2017-18566 info: name: User Role by BestWebSoft 1.5.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. impact: |...

CVSS 6.1 | AI score 6 | EPSS 0.00097
Exploits: 1 | References: 4

Nuclei
added 13 hours ago | 17 views

Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting

The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. id: CVE-2017-18562 info: name: Error Log Viewer by BestWebSoft 1.0.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS...

CVSS 6.1 | AI score 6 | EPSS 0.00097
Exploits: 1 | References: 4

Nuclei
added 13 hours ago | 18 views

404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection

The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. id: CVE-2015-9323 info: name: 404 to 301 = 2.0.2 - Authenticated Blind SQL Injection author: Harsh severity: critical description: | The 404 to 301 –...

CVSS 9.8 | AI score 8.8 | EPSS 0.72369
Exploits: 4 | References: 5

Nuclei
added 13 hours ago | 12 views

Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting

The sender plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18564 info: name: Sender by BestWebSoft 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The sender plugin before 1.2.1 for WordPress has multiple XSS issues. impact: | Authenticat...

CVSS 6.1 | AI score 6 | EPSS 0.00097
Exploits: 1 | References: 4

Nuclei
added 13 hours ago | 16 views

PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting

The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18529 info: name: PromoBar by BestWebSoft 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. impact: |...

CVSS 6.1 | AI score 6 | EPSS 0.00059
Exploits: 1 | References: 4

Nuclei
added 13 hours ago | 28 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

CVSS 6.1 | AI score 6 | EPSS 0.00385
Exploits: 1 | References: 4

Nuclei
added 13 hours ago | 57 views

GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode 2.6.1 - Path Traversal Vulnerability. author:...

CVSS 9.1 | AI score 7.3 | EPSS 0.90401
Exploits: 2 | References: 5

Nuclei
added 13 hours ago | 19 views

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting

Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. id: CVE-2020-29395 info: name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is...

CVSS 6.1 | AI score 5.7 | EPSS 0.03284
Exploits: 2 | References: 5

Nuclei
added 13 hours ago | 29 views

WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload

WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution. id:...

CVSS 7.2 | AI score 8.1 | EPSS 0.92823
Exploits: 9 | References: 5

Nuclei
added 13 hours ago | 24 views

WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting

WordPress plugin Sassy Social Share 3.3.40 contains a reflected cross-site scripting vulnerability. id: CVE-2021-24746 info: name: WordPress Sassy Social Share Plugin 3.3.40 - Cross-Site Scripting author: Supras severity: medium description: WordPress plugin Sassy Social Share 3.3.40 contains a...

CVSS 6.1 | AI score 5.8 | EPSS 0.03785
Exploits: 2 | References: 3

Nuclei
added 13 hours ago | 22 views

WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting

WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event. id: CVE-2021-24510 info: name: WordPress MF Gig Calendar =1.2 which...

CVSS 6.1 | AI score 5.9 | EPSS 0.21147
Exploits: 1 | References: 4

Nuclei
added 13 hours ago | 31 views

WordPress Realteo <=1.2.3 - Cross-Site Scripting

WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keywordsearch, searchradius, bedrooms and bathrooms GET parameters before outputting them in its properties page. id: CVE-2021-24237 info: name:...

CVSS 6.1 | AI score 5.9 | EPSS 0.63261
Exploits: 2 | References: 5

Nuclei
added 13 hours ago | 32 views

WordPress FoodBakery <2.2 - Cross-Site Scripting

WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakeryradius parameter before outputting it back in the response. id: CVE-2021-24389 info: name: WordPress FoodBakery 2.2 - Cross-Site Scripting author:...

CVSS 6.1 | AI score 5.8 | EPSS 0.13886
Exploits: 2 | References: 4

Nuclei
added 13 hours ago | 27 views

WordPress WooCommerce <1.13.22 - Cross-Site Scripting

WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter. id: CVE-2021-24300 info: name: WordPress WooCommerce 1.13.22 - Cross-Site Scripting author: cckuailong...

CVSS 6.1 | AI score 5.8 | EPSS 0.03405
Exploits: 5 | References: 4

Nuclei
added 13 hours ago | 25 views

WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting

The WordPress File Upload plugin before version 4.24.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'dir' parameter in the file browser page before outputting it back, which could allow attackers to execute arbitrary JavaScript code...

CVSS 6.1 | AI score 5.4 | EPSS 0.18525
Exploits: 2 | References: 2

Nuclei
added 13 hours ago | 13 views

WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection. This issue affects Custom Login And Signup Widget: from n/a through 1.0 id: CVE-2025-49029 info: name: WordPress Custom Login And Signup Widget Plugin = 1.0 -...

CVSS 9.1 | AI score 5.2 | EPSS 0.00687
Exploits: 0 | References: 2

Nuclei
added 13 hours ago | 16 views

WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload

The Adning Advertising plugin for WordPress versions below 1.5.6 is vulnerable to arbitrary file upload, allowing attackers to upload malicious files to the server. id: CVE-2020-36728 info: name: WordPress Plugin Adning Advertising 1.5.6 - Arbitrary File Upload author: iamnoooob,pdresearch...

CVSS 9.8 | AI score 8.5 | EPSS 0.78937
Exploits: 1 | References: 4

Nuclei
added 13 hours ago | 24 views

WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting

The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the userids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. id: CVE-2022-2168 info: name:...

CVSS 6.1 | AI score 6.1 | EPSS 0.13204
Exploits: 2 | References: 2

Nuclei
added 13 hours ago | 17 views

SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. id: CVE-2024-6846 info: name: SmartSearchWP = 2.4.4 - Unauthenticated Log Purge author: s4e-io severity: medium description: | Th...

CVSS 5.3 | AI score 5.2 | EPSS 0.06306
Exploits: 1 | References: 2

Nuclei
added 13 hours ago | 47 views

Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...

CVSS 6.1 | AI score 5.1 | EPSS 0.04041
Exploits: 1 | References: 2