CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

116 matches found

EUVD•added 2026/04/22 9:31 a.m.•2 views

EUVD-2026-24644

The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...

6.4CVSS5.9AI score0.0002EPSS

Exploits0References14

NVD•added 2026/04/22 9:16 a.m.•2 views

CVE-2026-4074

6.4CVSS0.0002EPSS

Exploits0References13

ATTACKERKB•added 2026/04/22 7:45 a.m.•2 views

CVE-2026-4074

6.4CVSS5.7AI score0.0002EPSS

Exploits0References14

Vulnrichment•added 2026/04/22 7:45 a.m.•1 views

CVE-2026-4074 Quran Live Multilanguage <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS5.9AI score0.0002EPSS

Exploits0References13

CNNVD•added 2026/04/22 12:0 a.m.•4 views

WordPress plugin Quran Live Multilanguage 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.0002EPSS

Exploits0References1

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34278

Name of the Vulnerable Software and Affected Versions Quran Live Multilanguage plugin for WordPress versions prior to 1.0.4 Description Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The quran live render...

6.4CVSS6AI score0.0002EPSS

Exploits0References16

EUVD•added 2026/04/08 9:31 a.m.•0 views

EUVD-2026-20109

The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation in the quranplaylistoptions function that handles the plugin's settings page. The function processes POST requests to update...

4.3CVSS5.8AI score0.00006EPSS

Exploits0References6

NVD•added 2026/04/08 7:16 a.m.•1 views

CVE-2026-4141

4.3CVSS0.00006EPSS

Exploits0References5

CVE•added 2026/04/08 6:43 a.m.•9 views

CVE-2026-4141

The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7 due to missing nonce validation in the quran_playlist_options() function that handles the plugin’s settings page. The function processes POST requests to update options ...

4.3CVSS5.8AI score0.00006EPSS

Exploits0References5

Vulnrichment•added 2026/04/08 6:43 a.m.•0 views

CVE-2026-4141 Quran Translations <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form

4.3CVSS5.8AI score0.00006EPSS

Exploits0References5

Cvelist•added 2026/04/08 6:43 a.m.•16 views

CVE-2026-4141 Quran Translations <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form

4.3CVSS0.00006EPSS

Exploits0References5

Patchstack•added 2026/04/08 1:44 a.m.•3 views

WordPress Quran Translations plugin <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form vulnerability

Cross-Site Request Forgery to Playlist Settings Form vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Quran Translations versions = 1.7...

4.3CVSS5.9AI score0.00006EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/08 12:0 a.m.•4 views

WordPress plugin Quran Translations 跨站请求伪造漏洞

4.3CVSS5.8AI score0.00006EPSS

Exploits0References5

Positive Technologies•added 2026/04/08 12:0 a.m.•1 views

PT-2026-31099

The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation in the quran playlist options function that handles the plugin's settings page. The function processes POST requests to update...

4.3CVSS5.8AI score0.00006EPSS

Exploits0References7

RedhatCVE•added 2025/12/21 4:12 a.m.•4 views

CVE-2025-14164

The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...

4.3CVSS5.3AI score0.00011EPSS

Exploits0References1

EUVD•added 2025/12/20 6:30 a.m.•1 views

EUVD-2025-204631

4.3CVSS4.9AI score0.00011EPSS

Exploits0References4

NVD•added 2025/12/20 4:16 a.m.•1 views

CVE-2025-14164

4.3CVSS0.00011EPSS

Exploits0References3

Cvelist•added 2025/12/20 3:20 a.m.•16 views

CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00011EPSS

Exploits0References3

CVE•added 2025/12/20 3:20 a.m.•5 views

CVE-2025-14164

Technical details about CVE-2025-14164 are not publicly provided in the supplied documents. The initial description mentions a CSRF vulnerability in Quran Gateway for WordPress up to version 1.5, but no further technical specifics are available here.

4.3CVSS5AI score0.00011EPSS

Exploits0References3

Vulnrichment•added 2025/12/20 3:20 a.m.•1 views

CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update

4.3CVSS4.9AI score0.00011EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by