
13519 matches found

Nuclei, added yesterday, 33 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing an unauthenticated attacker to log in as any user on the site by only knowing their user ID or username...

CVSS 8.1, AI score 7.2, EPSS 0.08377
Exploits: 3, References: 3
Nuclei, added yesterday, 6 views

Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting

The Social Auto Poster plugin for WordPress, in versions up to 5.3.14, contains a stored cross-site scripting vulnerability caused by insufficient sanitization and escaping of the 'mapTypes' parameter in the 'wpwautopostermapwordpressposttype' AJAX function, letting unauthenticated attackers inject and execute arbitrary...

CVSS 7.2, AI score 5.9, EPSS 0.00782
Exploits: 0, References: 3
Nuclei, added yesterday, 19 views

Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.

id: CVE-2017-18500
info:
  name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting
  author: luisfelipe146
  severity: medium
  description: |
    The social-buttons-pack plugin before 1.1.1 for WordPress has...

CVSS 6.1, AI score 6.3, EPSS 0.0141
Exploits: 1, References: 4
Nuclei, added yesterday, 38 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.

id: CVE-2017-18501
info:
  name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting
  author: luisfelipe146
  severity: medium
  description: |
    The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

CVSS 6.1, AI score 6.3, EPSS 0.0141
Exploits: 1, References: 4
Nuclei, added yesterday, 6 views

WordPress Widgets for Social Photo Feed <= 1.8 - Information Disclosure

The Widgets for Social Photo Feed WordPress plugin <= 1.8 contains a broken access control vulnerability caused by missing capability checks on specific REST API endpoints, letting unauthenticated attackers access and modify plugin settings remotely.

id: CVE-2025-14726
info:
  name: WordPress Widgets for Social Photo...

CVSS 6.5, AI score 5.8, EPSS 0.0083
Exploits: 0, References: 3
Nuclei, added yesterday, 29 views

WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting

The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of $_SERVER['PHP_SELF'] in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...

CVSS 6.1, AI score 6.3, EPSS 0.02231
Exploits: 2, References: 5
Circl, added yesterday, 9 views

CVE-2026-44727

creationtimestamp | type | source
---|---|---
2026-06-23 00:00:41+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mow3tlg6pj2y
2026-06-23 00:00:43+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116796479180840470...

CVSS 9.3, AI score 5.8, EPSS 0.00239
Exploits: 0, References: 2
Circl, added 2 days ago, 5 views

CVE-2025-33128

creationtimestamp | type | source
---|---|---
2026-06-22 16:28:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movclgmg3t2y...

CVSS 5.4, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 1
NVD, added 2 days ago, 9 views

CVE-2026-12863

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVSS 5.1, EPSS 0.00226
Exploits: 0, References: 1
Cvelist, added 2 days ago, 31 views

CVE-2026-12863 Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVSS 5.1, EPSS 0.00226
Exploits: 0, References: 1
Vulnrichment, added 2 days ago, 5 views

CVE-2026-12863 Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVSS 5.1, AI score 5.8, EPSS 0.00226
Exploits: 0, References: 1
EUVD, added 2 days ago, 7 views

EUVD-2026-38221

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVSS 5.1, AI score 5.8, EPSS 0.00226
Exploits: 0, References: 1
CVE, added 2 days ago, 15 views

CVE-2026-12863

Venueless' social login contains an unvalidated redirect that could be exploited for phishing via trusted domains. Public records (NVD, CVE records) describe an unvalidated redirect in the social login flow, enabling attackers to lure users to attacker-controlled sites by leveraging trusted doma...

CVSS 5.1, AI score 5.8, EPSS 0.00226
Exploits: 0, References: 1
Nuclei, added 2 days ago, 42 views

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.

id: CVE-2012-4273
info:
  name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

CVSS 4.3, AI score 5.9, EPSS 0.0578
Exploits: 1, References: 5
Nuclei, added 2 days ago, 16 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, AI score 6, EPSS 0.1544
Exploits: 1, References: 3
Nuclei, added 2 days ago, 84 views

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...

CVSS 9.8, AI score 7.6, EPSS 0.4465
Exploits: 4, References: 5
Circl, added 3 days ago, 7 views

CVE-2025-71348

creationtimestamp | type | source
---|---|---
2026-06-21 16:27:12+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mosrzrpvn52y
2026-06-21 17:14:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mosuo6f7cg2k
2026-06-22 11:40:01+00:00 | seen | ...

CVSS 8.1, AI score 5.8, EPSS 0.00353
Exploits: 0, References: 3
Circl, added 3 days ago, 6 views

CVE-2026-12781

creationtimestamp | type | source
---|---|---
2026-06-21 09:57:57+00:00 | seen | https://bsky.app/profile/suriq.io/post/3mos4bpp2d52t
2026-06-21 12:00:26+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116787984752269342
2026-06-21 12:00:27+00:00 | seen | ...

CVSS 8.5, AI score 7.1, EPSS 0.00112
Exploits: 0, References: 4
Circl, added 3 days ago, 7 views

CVE-2026-12774

creationtimestamp | type | source
---|---|---
2026-06-21 04:30:25+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3morjy2zbp42u
2026-06-21 04:30:27+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116786215216470891
2026-06-21 08:34:07+00:00 | seen | ...

CVSS 6.5, AI score 6.6, EPSS 0.00206
Exploits: 0, References: 4
NVD, added 4 days ago, 8 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

CVSS 9.8, EPSS 0.00428
Exploits: 0, References: 3