CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8990 matches found

OSV•added 2025/02/24 6:15 a.m.•1 views

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2025/02/24 6:0 a.m.•7 views

CVE-2024-12308 Logo Slider < 4.6.0 - Contributor+ Stored XSS

6AI score0.00263EPSS

Exploits1References1

Cvelist•added 2025/02/24 6:0 a.m.•17 views

CVE-2024-12308 Logo Slider < 4.6.0 - Contributor+ Stored XSS

0.00263EPSS

Exploits1References1

RedhatCVE•added 2025/02/24 4:24 a.m.•30 views

CVE-2025-1509

The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

9.8CVSS7.5AI score0.00563EPSS

Exploits0References1

RedhatCVE•added 2025/02/24 4:24 a.m.•22 views

CVE-2025-1510

The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

9.8CVSS7.5AI score0.00583EPSS

Exploits0References1

RedhatCVE•added 2025/02/22 9:30 a.m.•5 views

CVE-2024-13792

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

9.8CVSS7.6AI score0.00502EPSS

Exploits0References1

OSV•added 2025/02/22 4:15 a.m.•2 views

CVE-2025-1510

9.8CVSS7.6AI score0.00583EPSS

Exploits0References2

NVD•added 2025/02/22 4:15 a.m.•8 views

CVE-2025-1510

9.8CVSS0.00583EPSS

Exploits0References2

NVD•added 2025/02/22 4:15 a.m.•10 views

CVE-2025-1509

9.8CVSS0.00563EPSS

Exploits0References2

OSV•added 2025/02/22 4:15 a.m.•3 views

CVE-2025-1509

9.8CVSS7.6AI score0.00563EPSS

Exploits0References2

CVE•added 2025/02/22 3:21 a.m.•151 views

CVE-2025-1510

CVE-2025-1510 affects the Custom Post Type Date Archives plugin for WordPress (

9.8CVSS7.4AI score0.00583EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/02/22 3:21 a.m.•8 views

CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution

7.3CVSS7.4AI score0.00583EPSS

Exploits0References2

Cvelist•added 2025/02/22 3:21 a.m.•27 views

CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution

7.3CVSS0.00583EPSS

Exploits0References2

Vulnrichment•added 2025/02/22 3:20 a.m.•9 views

CVE-2025-1509 Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS7.4AI score0.00563EPSS

Exploits0References2

Cvelist•added 2025/02/22 3:20 a.m.•26 views

CVE-2025-1509 Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS0.00563EPSS

Exploits0References2

CVE•added 2025/02/22 3:20 a.m.•77 views

CVE-2025-1509

The CVE-2025-1509 shows a vulnerability in the Show Me The Cookies WordPress plugin (versions up to 1.0) enabling unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode. This can allow an attacker to run arbitrary shortcodes on affected sites. The Wordfence a...

9.8CVSS7.4AI score0.00563EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/02/22 12:0 a.m.•3 views

PT-2025-7518 · WordPress · Custom Post Type Date Archives

Name of the Vulnerable Software and Affected Versions: The Custom Post Type Date Archives plugin for WordPress versions up to, and including, 2.7.1 Description: The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution. This issue arises because the...

9.8CVSS9.9AI score0.00583EPSS

Exploits0References11

Positive Technologies•added 2025/02/22 12:0 a.m.•7 views

PT-2025-7328 · WordPress · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms plugin for WordPress versions up to, and including, 2.8.15 Description: The BuddyForms plugin for WordPress is affected by a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping on...

6.4CVSS8.2AI score0.00222EPSS

Exploits0References9

CNNVD•added 2025/02/22 12:0 a.m.•2 views

WordPress plugin Custom Post Type Date Archives 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exis...

9.8CVSS9.3AI score0.00583EPSS

Exploits0References3

CNNVD•added 2025/02/22 12:0 a.m.•4 views

WordPress plugin Show Me The Cookies 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in the...

9.8CVSS8.9AI score0.00563EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by