
5 matches found

RedhatCVE
added 2025/11/12 3:46 a.m. | 4 views

CVE-2025-12589

The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...

CVSS 6.1 | AI score 4.7 | EPSS 0.00021
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-19428

Malware in sbrugna...

CVSS 9.6 | AI score 8.6 | EPSS 0.0013
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-16684

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 8.5 | EPSS 0.00136
Exploits 2 | References 2
RedhatCVE
added 2025/05/23 7:26 a.m. | 3 views

CVE-2024-0973

The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 6.1 | AI score 5.7 | EPSS 0.00127
Exploits 2 | References 1
CVE
added 2025/05/15 8:9 p.m. | 27 views

CVE-2024-2869

The CVE concerns the WordPress plugin Easy Property Listings, affected versions prior to 3.5.4. The issue is that the plugin does not properly sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite...

CVSS 4.8 | AI score 5.4 | EPSS 0.00166
Exploits 1 | References 1 | Affected Software 1