19 matches found
PT-2026-36961
Name of the Vulnerable Software and Affected Versions: Blog Settings plugin for WordPress versions prior to 1.1. Description: Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the page parameter, enabling scripts to...
CVE-2023-25781
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin = 1.1 versions...
WordPress plugin Advanced Settings code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
EUVD-2023-27892
Malicious code in bioql PyPI...
CVE-2025-58975 WordPress Advanced Settings Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through <= 3.1.1...
CVE-2025-49865 WordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1...
WordPress plugin Advanced Settings cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Advanced Settings plugin, which stems from the web application not adequately verifying that a request is comi...
CVE-2024-9422
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
WordPress plugin XTRA Settings cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-9368
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
Cross-Site Request Forgery (CSRF)
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...
CVE-2023-25781
CVE-2023-25781 applies to the WordPress plugin Sebastian Krysmanski Upload File Type Settings (versions
CVE-2023-23806
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions...
CVE-2023-23806
CVE-2023-23806 affects WordPress through the Davinder Singh Custom Settings plugin (
CVE-2023-23806 WordPress WordPress Custom Settings Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions...
AskJeeves Toolbar 4.0.2.53 activex Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits. AskJeeves Toolbar 4.0.2.53 activex Remote Buffer Overflow Exploit // This is new technique I invent call 'he...