CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

EUVD•added 2025/12/13 6:30 p.m.•2 views

EUVD-2025-203243

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS4.7AI score0.00037EPSS

Exploits0References5

Cvelist•added 2025/12/13 8:21 a.m.•26 views

CVE-2025-8780 Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets

6.4CVSS0.00037EPSS

Exploits0References4

CVE•added 2025/12/13 8:21 a.m.•13 views

CVE-2025-8780

CVE-2025-8780 affects the WordPress plugin Livemesh SiteOrigin Widgets (versions up to and including 3.9.1). The issue is a Stored Cross-Site Scripting (XSS) in the plugin’s widgets (Hero Header and Pricing Table) caused by insufficient input sanitization and output escaping on user-supplied attr...

6.4CVSS4.7AI score0.00037EPSS

Exploits0References4

Patchstack•added 2025/12/13 3:7 a.m.•5 views

WordPress Livemesh SiteOrigin Widgets plugin <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Livemesh SiteOrigin Widgets versions = 3.9.1...

6.4CVSS5.5AI score0.00037EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/12/13 12:0 a.m.•2 views

WordPress plugin Livemesh SiteOrigin Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00037EPSS

Exploits0References5

RedhatCVE•added 2025/11/22 9:45 a.m.•10 views

CVE-2025-12964

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00037EPSS

Exploits0References1

NVD•added 2025/11/21 10:15 a.m.•3 views

CVE-2025-12964

6.4CVSS0.00037EPSS

Exploits0References4

Vulnrichment•added 2025/11/21 9:27 a.m.•3 views

CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget

6.4CVSS4.5AI score0.00037EPSS

Exploits0References4

CVE•added 2025/11/21 9:27 a.m.•12 views

CVE-2025-12964

CVE-2025-12964 : The WordPress plugin Magical Products Display (MPD Pricing Table widget) is vulnerable to Stored XSS in all versions up to 1.1.29 due to insufficient input sanitization and output escaping of user-supplied HTML tag names in the mpdpr_title_tag and mpdpr_subtitle_tag parameters. E...

6.4CVSS4.6AI score0.00037EPSS

Exploits0References4

Cvelist•added 2025/11/21 9:27 a.m.•10 views

CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget

6.4CVSS0.00037EPSS

Exploits0References4

Positive Technologies•added 2025/11/21 12:0 a.m.•2 views

PT-2025-47715

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdpr title tag' and 'mpdpr subtitle tag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00037EPSS

Exploits0References5

Patchstack•added 2025/11/20 11:49 p.m.•4 views

WordPress Magical Products Display plugin <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Products Display versions = 1.1.29...

6.4CVSS5.7AI score0.00037EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-27103

Malicious code in bioql PyPI...

6.4CVSS8.6AI score0.00168EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-17247

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00284EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-46468

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00268EPSS

Exploits0References5

OSV•added 2025/06/07 12:15 p.m.•1 views

CVE-2024-9994

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaelpricingitemtooltipcontent parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due...

5.4CVSS5.9AI score0.00123EPSS

Exploits0References2

CVE•added 2025/06/07 11:17 a.m.•131 views

CVE-2024-9994

CVE-2024-9994 affects the WordPress plugin Essential Addons for Elementor – Pricing Table Widget. Vulnerable component: eael_pricing_item_tooltip_content; vulnerability type: Stored Cross-Site Scripting (XSS) due to insufficient input sanitization/output escaping. Affected versions: all up to 6.1...

6.4CVSS5.7AI score0.00123EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/06/07 11:17 a.m.•4 views

CVE-2024-9994 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

6.4CVSS5.8AI score0.00123EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 8:28 a.m.•5 views

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00268EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 8:24 a.m.•2 views

CVE-2024-1499

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings'titletags' parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.2AI score0.00284EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by