Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

33447 matches found

Nuclei
Nucleiadded 13 hours ago29 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6AI score0.92445EPSS
Exploits5References5
Nuclei
Nucleiadded 13 hours ago25 views

WordPress Download Manager <2.9.94 - Cross-Site Scripting

WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter. id: CVE-2019-15889 info: name: WordPress Download Manager 2.9.94 - Cross-Site Scripting author: daffainf...

6.1CVSS5.8AI score0.04462EPSS
Exploits6References5
Nuclei
Nucleiadded 13 hours ago21 views

WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 notify or 2 blog parameter. id: CVE-2013-2287 info: name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting...

4.3CVSS5.2AI score0.10051EPSS
Exploits1References4
Nuclei
Nucleiadded 13 hours ago32 views

WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting

A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. id: CVE-2012-4768 info: name: WordPress Plugin Download Monitor 3.3.5.9 - Cross-Site...

4.3CVSS5.2AI score0.01936EPSS
Exploits2References5
Nuclei
Nucleiadded 13 hours ago31 views

ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting

A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. id: CVE-2011-5181 info: name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripti...

4.3CVSS5.1AI score0.01282EPSS
Exploits1References5
Nuclei
Nucleiadded 13 hours ago16 views

WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2011-5106 info: name: WordPress Plugin Flexible Custom Post Type 0.1.7 - Cross-Site...

4.3CVSS5.2AI score0.00989EPSS
Exploits1References5
Nuclei
Nucleiadded 13 hours ago12 views

Alert Before Your Post <= 0.1.1 - Cross-Site Scripting

A cross-site scripting vulnerability in postalert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. id: CVE-2011-5107 info: name: Alert Before Your Post = 0.1.1 - Cross-Site...

4.3CVSS5.2AI score0.00798EPSS
Exploits1References4
Nuclei
Nucleiadded 13 hours ago27 views

Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting. id: CVE-2022-0250 info: name: Redirection for Contact Form 7 2.5.0 - Cross-Site Scripting author: ritikchaddha...

6.1CVSS6.2AI score0.02834EPSS
Exploits1References2
Nuclei
Nucleiadded 13 hours ago18 views

Timesheet Plugin < 0.1.5 - Cross-Site Scripting

The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. id: CVE-2017-18590 info: name: Timesheet Plugin 0.1.5 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. impact: | Authenticated...

6.1CVSS6AI score0.00015EPSS
Exploits1References3
Nuclei
Nucleiadded 13 hours ago21 views

Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting

The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24934 info: name: Visual CSS Style Editor 7.5.4 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The...

6.1CVSS6.1AI score0.03752EPSS
Exploits2References2
Nuclei
Nucleiadded 13 hours ago26 views

Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal

Directory traversal vulnerability in the Tom M8te tom-m8te plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. id: CVE-2014-5187 info: name: Tom M8te tom-m8te Plugin 1.5.3 - Directory Traversal author: DhiyaneshDK severity:...

5CVSS8.6AI score0.00232EPSS
Exploits1References2
Nuclei
Nucleiadded 13 hours ago22 views

Stop User Enumeration WordPress plugin - Authentication Bypass

Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions, exploit requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...

5.3CVSS5.2AI score0.01482EPSS
Exploits1References3
Nuclei
Nucleiadded 13 hours ago7 views

WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS

Marcelotorres Redirect After Login plugin = 0.1.9 contains a stored cross-site scripting caused by insufficient sanitization in the login redirect parameter, letting attackers execute scripts in the context of the affected site, exploit requires admin privileges. id: CVE-2023-27624 info: name:...

5.9CVSS6.5AI score0.00717EPSS
Exploits0References2
Nuclei
Nucleiadded 13 hours ago16 views

WordPress Mailster <=1.5.4 - Cross-Site Scripting

WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. id: CVE-2017-17451 info: name: WordPress Mailster =1.5.5 which includes a fix for this vulnerability. reference: -...

6.1CVSS5.8AI score0.14343EPSS
Exploits0References5
Nuclei
Nucleiadded 13 hours ago37 views

Joomla! Plugin Core Design Scriptegrator - Local File Inclusion

A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files...

7.5CVSS8.7AI score0.06371EPSS
Exploits1References5
Nuclei
Nucleiadded 13 hours ago65 views

Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...

9.8CVSS9.1AI score0.93531EPSS
Exploits14References5
Nuclei
Nucleiadded 13 hours ago39 views

WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution

WordPress WPCargo Track & Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain...

9.8CVSS9.1AI score0.91581EPSS
Exploits3References5
Nuclei
Nucleiadded 13 hours ago21 views

WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting

The Wordpress plugin WooCommerce PDF Invoices & Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard. id: CVE-2021-24991 info: name: WooCommerce PDF Invoices & Packing Slips...

4.8CVSS4.9AI score0.03364EPSS
Exploits3References4
Nuclei
Nucleiadded 13 hours ago13 views

WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting

Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes. id: CVE-2022-1221 info: name: WordPress Gwyn's Imagemap Selector =0.3.3 - Cross-Site...

6.1CVSS5.8AI score0.03252EPSS
Exploits1References4
Nuclei
Nucleiadded 17 hours ago29 views

WordPress Plugin File Manager (wp-file-manager) Backup Disclosure

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...

7.5CVSS7.2AI score0.64994EPSS
Exploits2References5
Rows per page
Query Builder