CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

ATTACKERKB•added 2026/01/28 6:43 a.m.•3 views

CVE-2025-14039

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00019EPSS

Exploits0References7

Patchstack•added 2026/01/28 1:35 a.m.•6 views

WordPress Simple Folio plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Folio versions = 1.1.1...

6.4CVSS5.9AI score0.00019EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/28 4:57 a.m.•3 views

CVE-2025-12151

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolioname' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5AI score0.00032EPSS

Exploits0References1

NVD•added 2025/11/27 5:16 a.m.•5 views

CVE-2025-12151

6.4CVSS0.00032EPSS

Exploits0References2

Positive Technologies•added 2025/11/27 12:0 a.m.•0 views

PT-2025-48226

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolio name' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5AI score0.00032EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by