CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

85 matches found

Newsletter < 7.4.5 - Cross-Site Scripting

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS6.4AI score0.0313EPSS

Exploits2References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-1003

Malware in sbrugna...

7.5CVSS6.7AI score0.01971EPSS

Exploits0References21

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-8822

Malware in sbrugna...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2011-4923

Malware in sbrugna...

6.1CVSS6.3AI score0.00301EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-27072

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00326EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-34474

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00344EPSS

Exploits3References1

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2022-15933

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00211EPSS

Exploits4References3

OSV•added 2025/09/12 6:15 a.m.•0 views

CVE-2025-8280

The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

5.8CVSS5.8AI score0.00059EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:30 a.m.•2 views

CVE-2024-6020

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $SERVER'REQUESTURI' parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.00422EPSS

Exploits1

RedhatCVE•added 2025/05/23 4:29 a.m.•18 views

CVE-2023-44469

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...

5.3CVSS6.9AI score0.92282EPSS

Exploits5

Cvelist•added 2025/01/02 6:0 a.m.•8 views

CVE-2024-12595 AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI

The AHAthat Plugin WordPress plugin through 1.6 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.00228EPSS

Exploits1References1

Vulnrichment•added 2024/11/12 6:0 a.m.•9 views

CVE-2024-9835 RSS Feed Widget < 3.0.1 - Reflected XSS

The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

5.9AI score0.0015EPSS

Exploits1References1

NVD•added 2024/09/12 6:15 a.m.•9 views

CVE-2024-8056

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS0.00235EPSS

Exploits1References1

Cvelist•added 2024/09/12 6:0 a.m.•10 views

CVE-2024-8056 MM-Breaking News <= 0.7.9 - Reflected XSS

0.00235EPSS

Exploits1References1

Vulnrichment•added 2024/09/12 6:0 a.m.•14 views

CVE-2024-6018 Music Request Manager <= 1.3 - Reflected XSS

The Music Request Manager WordPress plugin through 1.3 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.2AI score0.00235EPSS

Exploits1References1

Cvelist•added 2024/09/12 6:0 a.m.•12 views

CVE-2024-6018 Music Request Manager <= 1.3 - Reflected XSS

0.00235EPSS

Exploits1References1

Cvelist•added 2024/09/04 6:0 a.m.•16 views

CVE-2024-6020 Sign-up Sheets < 2.2.13 - Reflected XSS

0.00422EPSS

Exploits1References1

Vulnrichment•added 2024/07/15 6:0 a.m.•16 views

CVE-2024-6072 WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI']

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.2AI score0.00216EPSS

Exploits1References1

Cvelist•added 2024/07/15 6:0 a.m.•22 views

CVE-2024-6072 WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI']

0.00216EPSS

Exploits1References1

CVE•added 2024/07/15 6:0 a.m.•41 views

CVE-2024-6072

CVE-2024-6072 affects the WordPress plugin wp-cart-for-digital-products up to version 8.5.4, where $_SERVER['REQUEST_URI'] is not escaped when echoed into an attribute, enabling Reflected XSS in older browsers. Remediation: upgrade to version 8.5.5 or later (the fix). Connected Red Hat and Patchs...

6.1CVSS6.3AI score0.00216EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by