CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

140 matches found

Cvelist•added 2026/05/27 2:49 p.m.•34 views

CVE-2026-49046 WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

8.5CVSS0.00033EPSS

Exploits0References1

Patchstack•added 2026/02/11 11:49 p.m.•6 views

WordPress Duplicate Post plugin <= 3.2.3 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Unk9vvN in WordPress Plugin Duplicate Post versions = 3.2.3...

5.5CVSS5.4AI score0.00042EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/02/11 2:56 p.m.•3 views

CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

5.5CVSS5.5AI score0.00042EPSS

Exploits0References5

ATTACKERKB•added 2026/02/11 2:56 p.m.•2 views

CVE-2019-25314

Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

6.4CVSS5.5AI score0.00042EPSS

Exploits0References4Affected Software1

CVE•added 2026/02/11 2:56 p.m.•13 views

CVE-2019-25314

The CVE describes a persistent cross-site scripting (XSS) flaw in the Duplicate-Post WordPress Plugin version 3.2.3, affecting plugin settings parameters. An attacker can inject JavaScript into fields such as title prefix, suffix, menu order, and blacklist, causing code execution in admin interfa...

5.5CVSS5.5AI score0.00042EPSS

Exploits0References5

Positive Technologies•added 2026/02/11 12:0 a.m.•6 views

PT-2026-7608

6.4CVSS5.5AI score0.00042EPSS

Exploits0References5

Vulnrichment•added 2026/01/05 10:42 a.m.•2 views

CVE-2025-68547 WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through = 2.4.0...

7.5CVSS5.2AI score0.00035EPSS

Exploits0References1

Cvelist•added 2025/12/18 7:22 a.m.•23 views

CVE-2025-64258 WordPress Follow My Blog Post plugin <= 2.3.9 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through = 2.3.9...

7.5CVSS0.00042EPSS

Exploits0References1

NVD•added 2025/12/09 4:18 p.m.•1 views

CVE-2025-67533

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: from n/a through = 1.3.0...

7.1CVSS0.00029EPSS

Exploits0References1

NVD•added 2025/11/27 3:15 a.m.•10 views

CVE-2025-12649

The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the sorttablepost shortcode in all versions up to, and including, 4.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...

6.4CVSS0.00032EPSS

Exploits0References2

Patchstack•added 2025/11/26 11:52 p.m.•5 views

WordPress SortTable Post plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SortTable Post versions = 4.2...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/11/25 7:28 a.m.•4 views

CVE-2025-13404 atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

5.3CVSS0.00038EPSS

Exploits0References3

Vulnrichment•added 2025/10/22 2:32 p.m.•2 views

CVE-2025-62042 WordPress Event post plugin <= 5.10.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through = 5.10.3...

6.5CVSS6AI score0.0003EPSS

Exploits0References1

CNNVD•added 2025/10/22 12:0 a.m.•1 views

WordPress plugin Event post 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.0003EPSS

Exploits0References1

Patchstack•added 2025/10/16 1:32 p.m.•4 views

WordPress Event post plugin <= 5.10.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Event post versions = 5.10.3...

6.5CVSS6.1AI score0.0003EPSS

Exploits0Affected Software1