CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1405 matches found

CNNVD•added 2025/05/15 12:0 a.m.•1 views

WordPress plugin PVN Auth Popup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS5.3AI score0.00258EPSS

Exploits1References1

Positive Technologies•added 2025/05/15 12:0 a.m.•2 views

PT-2025-21494 · WordPress · Pvn Auth Popup

Name of the Vulnerable Software and Affected Versions: PVN Auth Popup WordPress plugin versions 1.0.0 and earlier Description: The issue concerns the PVN Auth Popup WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or...

5.4CVSS5.2AI score0.00258EPSS

Exploits1References3

OSV•added 2025/04/04 6:15 a.m.•2 views

CVE-2025-2279

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9CVSS5.8AI score

Exploits0References1

NVD•added 2025/04/04 6:15 a.m.•15 views

CVE-2025-2279

5.9CVSS0.00214EPSS

Exploits1References1

Vulnrichment•added 2025/04/04 6:0 a.m.•6 views

CVE-2025-2279 Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS

6AI score0.00214EPSS

Exploits1References1

CVE•added 2025/04/04 6:0 a.m.•65 views

CVE-2025-2279

The CVE-2025-2279 entry concerns the Maps WordPress plugin (versions up to 1.0.6). The issue is that the plugin does not validate and escape certain shortcode attributes before output, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting (XSS) via the...

5.9CVSS6AI score0.00214EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/04/04 6:0 a.m.•12 views

CVE-2025-2279 Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS

0.00214EPSS

Exploits1References1

CNNVD•added 2025/04/04 12:0 a.m.•4 views

WordPress plugin Maps 安全漏洞

5.9CVSS5.6AI score0.00214EPSS

Exploits1References1

RedhatCVE•added 2025/02/28 6:27 a.m.•8 views

CVE-2024-10563

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS5.8AI score0.00323EPSS

Exploits1References1

OSV•added 2025/02/26 1:15 p.m.•4 views

CVE-2024-10563

5.4CVSS5.8AI score

Exploits0References1

RedhatCVE•added 2025/02/26 6:26 a.m.•7 views

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00263EPSS

Exploits1References1

Vulnrichment•added 2025/02/26 6:0 a.m.•6 views

CVE-2024-10563 WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS

5.4AI score0.00323EPSS

Exploits1References1

Positive Technologies•added 2025/02/26 12:0 a.m.•3 views

PT-2025-8670 · WordPress · Woocommerce Cart Count Shortcode

Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode WordPress plugin versions prior to 1.1.0 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...

5.4CVSS8.3AI score0.00323EPSS

Exploits1References3

OSV•added 2025/02/24 6:15 a.m.•1 views

CVE-2024-12308

5.4CVSS5.8AI score

Exploits0References1

NVD•added 2025/02/24 6:15 a.m.•11 views

CVE-2024-12308

5.4CVSS0.00263EPSS

Exploits1References1

Cvelist•added 2025/02/24 6:0 a.m.•17 views

CVE-2024-12308 Logo Slider < 4.6.0 - Contributor+ Stored XSS

0.00263EPSS

Exploits1References1

Vulnrichment•added 2025/02/24 6:0 a.m.•7 views

CVE-2024-12308 Logo Slider < 4.6.0 - Contributor+ Stored XSS

6AI score0.00263EPSS

Exploits1References1

Cvelist•added 2025/01/31 6:0 a.m.•15 views

CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS

The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

0.00292EPSS

Exploits1References1

Vulnrichment•added 2025/01/31 6:0 a.m.•5 views

CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS

5.4AI score0.00292EPSS

Exploits1References1

Positive Technologies•added 2025/01/31 12:0 a.m.•4 views

PT-2025-2187 · WordPress · Woocommerce Product Table Lite

Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite plugin for WordPress versions up to, and including, 3.9.4 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before runnin...

7.3CVSS9.5AI score0.00513EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by