Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

16 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:16 a.m.1 views

CVE-2025-14370

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

5.3CVSS5.9AI score0.00048EPSS
Exploits0References1
NVD
NVDadded 2026/01/07 12:16 p.m.1 views

CVE-2025-14370

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS0.00048EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/01/07 6:35 a.m.3 views

CVE-2025-14370 Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS5.5AI score0.00048EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/07 6:35 a.m.21 views

CVE-2025-14370 Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecommentsaddadmin function. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS0.00048EPSS
Exploits0References2
CVE
CVEadded 2026/01/07 6:35 a.m.14 views

CVE-2025-14370

CVE-2025-14370 corresponds to the Quote Comments plugin for WordPress with Missing Authorization in all versions up to 3.0.0. The vulnerability allows authenticated users with Subscriber+ privileges to update arbitrary plugin options via the ‘action’ parameter, per Wordfence reporting. Current st...

4.3CVSS5.5AI score0.00048EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/01/07 12:0 a.m.3 views

PT-2026-1565

Name of the Vulnerable Software and Affected Versions Quote Comments plugin for WordPress versions through 3.0.0 Description The Quote Comments plugin for WordPress is susceptible to a missing authorization issue. This flaw stems from the absence of proper authorization checks within the...

5.3CVSS6.4AI score0.00048EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/01/07 12:0 a.m.1 views

WordPress plugin Quote Comments 安全漏洞

...

5.3CVSS6.7AI score0.00048EPSS
Exploits0References2
Patchstack
Patchstackadded 2026/01/06 10:12 p.m.4 views

WordPress Quote Comments plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Quote Comments versions = 3.0.0...

5.3CVSS6.8AI score0.00048EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-4065

Malicious code in bioql PyPI...

7.1CVSS9.1AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/02/09 10:18 a.m.3 views

CVE-2025-25156

Cross-Site Request Forgery CSRF vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through = 3.0.0...

7.1CVSS7.2AI score0.0013EPSS
Exploits0References1
NVD
NVDadded 2025/02/07 10:15 a.m.9 views

CVE-2025-25156

Cross-Site Request Forgery CSRF vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through = 3.0.0...

7.1CVSS0.0013EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/02/07 10:11 a.m.12 views

CVE-2025-25156 WordPress Quote Comments plugin <= 3.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through = 3.0.0...

7.1CVSS0.0013EPSS
Exploits0References1
CVE
CVEadded 2025/02/07 10:11 a.m.44 views

CVE-2025-25156

CVE-2025-25156 concerns WordPress Quote Comments plugin. The affected software is Quote Comments, version range up to 2.2.1 (vulnerable). The issue is a CSRF that enables Stored XSS, as described in the CVE description. The CVSS 3.1 base score is 7.1 (HIGH) with Network attack vector, requiring u...

7.1CVSS7.2AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/02/07 10:11 a.m.5 views

CVE-2025-25156 WordPress Quote Comments plugin <= 3.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stanko Metodiev Quote Comments quote-comments allows Stored XSS.This issue affects Quote Comments: from n/a through = 3.0.0...

7.1CVSS7.2AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/02/07 12:0 a.m.1 views

PT-2025-5964 · Unknown · Stanko Metodiev Quote Comments

Name of the Vulnerable Software and Affected Versions: Stanko Metodiev Quote Comments versions through 2.2.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in Stanko Metodiev Quote Comments. Recommendations: For versions through 2.2.1, update to a...

7.1CVSS9.1AI score0.0013EPSS
Exploits0References5
Patchstack
Patchstackadded 2025/02/03 4:12 p.m.2 views

WordPress Quote Comments plugin <= 3.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Quote Comments versions = 3.0.0...

7.1CVSS6.2AI score0.0013EPSS
Exploits0Affected Software1
Rows per page
Query Builder