CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/10/25 6:49 a.m.•3 views

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

4.3CVSS4.8AI score0.00124EPSS

Cvelist•added 2025/10/25 6:49 a.m.•11 views

CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation

4.3CVSS0.00124EPSS

CVE•added 2025/10/25 6:49 a.m.•22 views

CVE-2025-11976

CVE-2025-11976 concerns FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) for WordPress. According to connected sources, the vulnerability is a Cross-Site Forgery (CSRF) due to missing or incorrect nonce validation in the save_cha...

4.3CVSS4.9AI score0.00124EPSS

Citrix•added 2025/05/15 12:0 a.m.•99 views

NetScaler shows an error stating "String length exceeds maximum [passplain, 31]"

When trying to update an existing certificate file with a new certificate file, upon clicking 'Ok', you see the following error appear: "String length exceeds maximum passplain, 31" The attempt to save the changes made fail because of the error which appears...

7.1AI score

Packet Storm•added 2024/08/29 12:0 a.m.•219 views

Task Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Task Management System 1.0 CSRF add staff Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...

7.4AI score

0day.today•added 2024/04/12 12:0 a.m.•223 views

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com...

6.5AI score

wpexploit•added 2024/01/23 12:0 a.m.•152 views

Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Visit the "Settings" interface...

5.7AI score0.00318EPSS

wpexploit•added 2024/01/23 12:0 a.m.•171 views

WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS

7.9AI score0.00305EPSS

GithubExploit•added 2023/06/02 5:30 a.m.•6 views

Exploit for Cross-site Scripting in Minical

CVE-2023-33408 Minical 1.0.0 is vulnerable to Stored Cross-Si...

5.4CVSS5.5AI score0.00548EPSS

wpexploit•added 2022/12/27 12:0 a.m.•442 views

EU Cookie Law <= 3.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

4.8CVSS4.7AI score0.0047EPSS

wpexploit•added 2022/11/03 12:0 a.m.•88 views

Analytics for WP <= 1.5.1 - Admin+ Stored XSS

4.8CVSS4.7AI score0.00519EPSS

wpexploit•added 2021/09/29 12:0 a.m.•535 views

Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin. Go to Setting Tab Under Calendar Lite Plugin Under Setting tab Click on Slugs/Permalinks tab Enter the XSS payload into Main Slug and Category Slug both. Both fields are vulnerable...

5.4CVSS0.00629EPSS

0day.today•added 2015/08/09 12:0 a.m.•29 views

Wordpress Avenir-Soft Direct Download Plug-in XSS/CSRF Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Wordpress Avenir-Soft Direct Download Plug-in XSS/CSRF Exploit Author: Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/avenirsoft-directdownload/ Date: 2015-08-06 Tested On: Kali Linux - FireFox...

7.1AI score