CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2025/10/15 12:17 a.m.•5 views

WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability

Insecure Direct Object Reference to Image Manipulation vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Quick Featured Images versions = 13.7.2...

4.3CVSS7AI score0.00034EPSS

CNNVD•added 2025/10/15 12:0 a.m.•2 views

WordPress plugin Quick Featured Images 安全漏洞

WordPress Quick Featured Images plugin is a plugin for bulk editing and replacing featured images in WordPress. WordPress Quick Featured Images plugin suffers from an insecure direct object reference vulnerability that stems from the lack of validation of user control keys in the qfisetthumbnail...

4.3CVSS6.8AI score0.00034EPSS

Exploits0References4

Positive Technologies•added 2025/10/15 12:0 a.m.•2 views

PT-2025-42230

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi set thumbnail and qfi delete thumbnail AJAX actions due to missing validation on a user controlled key. This makes it possible for authenticate...

4.3CVSS5.7AI score0.00034EPSS

Exploits0References4

CNNVD•added 2025/10/15 12:0 a.m.•1 views

WordPress plugin Quick Social Login 跨站脚本漏洞

WordPress Quick Social Login plugin is a plugin that allows users to quickly log in or sign up through social media accounts such as Facebook, Google, Twitter, LinkedIn, Slack and WordPress.com. The WordPress Quick Social Login plugin suffers from a cross-site scripting vulnerability that stems...

6.4CVSS5.9AI score0.00032EPSS

Exploits0References4

RedhatCVE•added 2025/10/10 4:20 p.m.•5 views

CVE-2025-59995

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS6.9AI score0.00035EPSS

RedhatCVE•added 2025/10/10 4:20 p.m.•5 views

CVE-2025-59994

6.1CVSS6.9AI score0.00035EPSS

EUVD•added 2025/10/09 6:30 p.m.•3 views

EUVD-2025-33372

EUVD•added 2025/10/09 6:30 p.m.•5 views

Exploits0References2

EUVD-2025-33371

NVD•added 2025/10/09 5:16 p.m.•7 views

Exploits0References2

CVE-2025-59995

6.1CVSS0.00035EPSS

OSV•added 2025/10/09 5:16 p.m.•2 views

CVE-2025-59995

5.1CVSS6AI score0.00035EPSS

NVD•added 2025/10/09 5:16 p.m.•7 views

CVE-2025-59994

6.1CVSS0.00035EPSS

OSV•added 2025/10/09 5:16 p.m.•2 views

CVE-2025-59994

5.1CVSS6AI score0.00035EPSS

CVE•added 2025/10/09 4:14 p.m.•12 views

CVE-2025-59995

Juniper Junos Space C?VE-2025-59995 is an XSS vulnerability in the Quick Template page (and related surfaces) that allows script injection leading to commands executed with the target user’s permissions, including administrator. Affected: Junos Space versions prior to 24.1R4. Root cause: improper...

Vulnrichment•added 2025/10/09 4:14 p.m.•4 views

CVE-2025-59995 Junos Space: Template creation through Definition is vulnerable to reflected cross-site script injection

Cvelist•added 2025/10/09 4:13 p.m.•11 views

CVE-2025-59994 Junos Space: Quick Template page is vulnerable to reflected cross-site script injection

6.1CVSS0.00035EPSS

CVE•added 2025/10/09 4:13 p.m.•12 views

CVE-2025-59994

CVE-2025-59994 affects Juniper Junos Space prior to 24.1R4, with an XSS flaw in the Quick Template page due to improper input neutralization during web page generation. An attacker can inject scripts that, when viewed by another user, may execute commands with the target’s permissions (including ...