CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

166 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в firefox

If a user saved a response from the Network tab in Devtools using the “Save As” context menu option, the file might not have been saved with the .download file extension. This could have allowed the user to run a malicious executable inadvertently. This vulnerability has been fixed in Firefox 140...

8.1CVSS5.7AI score0.00505EPSS

Exploits0References2

Patchstack•added 2026/01/27 6:20 a.m.•9 views

WordPress Save as PDF Plugin by PDFCrowd plugin <= 4.5.5 - Reflected Cross-Site Scripting via options vulnerability

Reflected Cross-Site Scripting via options vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Save as PDF versions = 4.5.5...

6.1CVSS5.9AI score0.00061EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/25 9:10 p.m.•5 views

CVE-2026-0862

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS5.9AI score0.00061EPSS

Exploits0References1

NVD•added 2026/01/24 4:15 p.m.•4 views

CVE-2026-0862

6.1CVSS0.00061EPSS

Exploits0References2

CVE•added 2026/01/24 3:34 p.m.•9 views

CVE-2026-0862

CVE-2026-0862 concerns the WordPress plugin “Save as PDF Plugin by PDFCrowd.” Wordfence/patch data indicate a Reflected Cross-Site Scripting (XSS) vulnerability via the options parameter in all versions up to 4.5.5, caused by insufficient input sanitization and output escaping. Exploitation by an...

6.1CVSS5.9AI score0.00061EPSS

Exploits0References2

CNNVD•added 2026/01/24 12:0 a.m.•2 views

WordPress plugin “Save as PDF Plugin” by PDFCrowd has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00061EPSS

Exploits0References3

Positive Technologies•added 2026/01/24 12:0 a.m.•3 views

PT-2026-4617

Name of the Vulnerable Software and Affected Versions Save as PDF Plugin for WordPress versions prior to 4.5.6 Description The Save as PDF Plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the options parameter. Insufficient input sanitization and output escaping allow...

6.1CVSS5.6AI score0.00061EPSS

Exploits0References5

CNVD•added 2025/11/18 12:0 a.m.•2 views

WordPress Save as PDF Button plugin cross-site scripting vulnerability

The WordPress Save as PDF Button plugin is a tool that adds one-click PDF generation functionality to WordPress websites, allowing visitors to save web content e.g., articles, product pages, etc. as PDF files with the click of a button. WordPress Save as PDF Button plugin has a cross-site scripti...

6.4CVSS6.2AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2025/11/14 9:9 a.m.•3 views

CVE-2025-8397

The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00031EPSS

Exploits0References1

EUVD•added 2025/11/13 8:27 a.m.•1 views

EUVD-2025-158260

6.4CVSS4.6AI score0.00031EPSS

Exploits0References4

Vulnrichment•added 2025/11/13 8:27 a.m.•3 views

CVE-2025-8397 Save as PDF Button <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via restpackpdfbutton Shortcode

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

CVE•added 2025/11/13 8:27 a.m.•11 views

CVE-2025-8397

The CVE concerns the WordPress plugin Save as PDF Button. All versions up to 1.9.2 are vulnerable to Stored Cross-Site Scripting via the restpackpdfbutton shortcode due to insufficient sanitization/escaping of user attributes. Authenticated attackers with contributor-level access (or higher) can ...

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

Patchstack•added 2025/11/13 12:10 a.m.•4 views

WordPress Save as PDF Button plugin <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via restpackpdfbutton Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via restpackpdfbutton Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Save as PDF Button versions = 1.9.2...

6.4CVSS5.5AI score0.00031EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/11/13 12:0 a.m.•6 views

PT-2025-46794

Name of the Vulnerable Software and Affected Versions Save as PDF Button plugin for WordPress versions prior to 1.9.3 Description The software has a flaw due to insufficient input sanitization and output escaping on user-supplied attributes within the restpackpdfbutton shortcode. This allows...

6.4CVSS6.5AI score0.00031EPSS

Exploits0References5

CNNVD•added 2025/11/13 12:0 a.m.•1 views

WordPress plugin Save as PDF Button 跨站脚本漏洞

6.4CVSS6.1AI score0.00031EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-0003

Malware in sbrugna...

6CVSS5.7AI score0.00142EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•3 views