CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/12/09 10:44 a.m.•4 views

CVE-2025-40937

8.7CVSS7.4AI score0.00493EPSS

Positive Technologies•added 2025/12/09 12:0 a.m.•5 views

PT-2025-50108

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0 through 7.4.3 FortiProxy versions 7.2.0 through 7.4.3 FortiPAM versions 1.0 through 1.4 FortiSRA version 1.4 Description A flaw exists where sensitive information can be written to log files. Specifically, a read-only...

6.6CVSS6.2AI score0.00348EPSS

Tenable Nessus•added 2025/12/09 12:0 a.m.•5 views

Fortinet Fortigate Insertion of sensitive information into REST API logs (FG-IR-24-268)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-268 advisory. - An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS 7.4.0... CVE-2024-47570 Note that Ness...

6.6CVSS5.5AI score0.00348EPSS

RedhatCVE•added 2025/12/07 6:5 a.m.•4 views

CVE-2025-12574

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

4.3CVSS5.3AI score0.00158EPSS

RedhatCVE•added 2025/12/06 11:56 a.m.•6 views

CVE-2025-13620

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/checkcache/type, wslu/v1/savecache/type, and wslu/v1/settings/clearcountercache being registered with...

5.3CVSS5.8AI score0.00328EPSS

NVD•added 2025/12/06 6:15 a.m.•6 views

CVE-2025-12577

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

4.3CVSS0.00158EPSS

NVD•added 2025/12/06 6:15 a.m.•3 views

CVE-2025-12574

4.3CVSS0.00158EPSS

Cvelist•added 2025/12/06 5:49 a.m.•17 views

CVE-2025-13666 Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS0.00232EPSS

Vulnrichment•added 2025/12/06 5:49 a.m.•2 views

CVE-2025-12574 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

4.3CVSS4.9AI score0.00158EPSS

RedhatCVE•added 2025/12/06 5:1 a.m.•4 views

CVE-2025-13006

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/ REST API endpoints. This makes it possible for unauthenticated attackers to extract...

5.3CVSS5.9AI score0.00247EPSS

Positive Technologies•added 2025/12/06 12:0 a.m.•7 views

PT-2025-49332

4.3CVSS5.1AI score0.00158EPSS

Positive Technologies•added 2025/12/06 12:0 a.m.•5 views

PT-2025-49331

4.3CVSS5.3AI score0.00158EPSS

CVE•added 2025/12/05 4:29 a.m.•12 views

CVE-2025-13006

The CVE-2025-13006 entry concerns the WordPress plugin SurveyFunnel – Survey Plugin for WordPress (vulnerable through all versions up to and including 1.1.5). The vulnerability is an Information Disclosure via unprotected REST API endpoints under /wp-json/surveyfunnel/v2/, allowing unauthenticate...

5.3CVSS5.5AI score0.00247EPSS

Packet Storm•added 2025/12/05 12:0 a.m.•151 views

📄 WordPress AI Buddy 1.8.5 Shell Upload

WordPress AI Buddy plugin versions 1.8.5 and below remote shell upload exploit that leverages the REST API attachment functionality. ============================================================================================================================================= | Title : AI Buddy...

9.1CVSS7.2AI score0.00413EPSS

Exploits5

RedhatCVE•added 2025/12/03 8:2 a.m.•4 views

CVE-2025-11726

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient capability checks in the REST API endpoints under the 'fl-controls/v1' namespace that control site-wide Global Presets...

4.3CVSS5.5AI score0.00297EPSS

NVD•added 2025/12/02 8:15 a.m.•3 views

CVE-2025-11726

4.3CVSS0.00297EPSS

Exploits0References4

RedhatCVE•added 2025/11/26 7:58 a.m.•12 views

CVE-2025-13452

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...

4.3CVSS6.2AI score0.00207EPSS

GithubExploit•added 2025/11/25 9:52 a.m.•165 views

webVuln-scanner

WebVuln Scanner An advanced web vulnerability scanner with cu...

7.5AI score

Exploits0

NVD•added 2025/11/25 4:15 a.m.•11 views

CVE-2025-10646

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::getrestpermission method in all versions up to, and including, 2.5.7. This makes it possible for authenticated attackers, with Contributor-level access an...

4.3CVSS0.00153EPSS