4 matches found
CVE-2025-13308
CVE-2025-13308 affects the WordPress Application Passwords plugin. It is a Reflected Cross-Site Scripting vulnerability via the reject_url parameter present in versions up to 0.1.3. The issue arises from insufficient input sanitization and output escaping of user-supplied URLs, enabling javascrip...
PT-2025-49339
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'reject_url' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user supplied URLs, which allows javascript: URI schemes...
Cross-site Scripting (XSS)
Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the success_url and reject_url parameters when requesting application passwords. An attacker can inject arbitrary web script...
CVE-2022-46591
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the rejecturl parameter in the reject sub41BD60 function...