32 matches found

NVD
added 2026/05/25 3:16 p.m. · 10 views

CVE-2018-25371

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

CVSS 8.8 · EPSS 0.00348
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 4:06 a.m. · 8 views

CVE-2015-9350

The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button...

CVSS 6.1 · AI score 6.2 · EPSS 0.00913
Exploits: 0 · References: 1

Patchstack
added 2025/01/16 6:41 p.m. · 2 views

WordPress go Social plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin go Social (versions <= 1.0)...

CVSS 7.1 · AI score 5.9 · EPSS 0.00191
Exploits: 0 · Affected Software: 1

OSV
added 2025/01/07 6:15 a.m. · 1 view

CVE-2024-9697

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweetsettingssave and tweetsettingsupdate functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated...

CVSS 5.3 · AI score 5.8 · EPSS 0.00373
Exploits: 0 · References: 4

Cvelist
added 2024/12/09 11:30 a.m. · 24 views

CVE-2023-49193 WordPress Grow Social plugin <= 1.30.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NerdPress Hubbub Lite social-pug allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hubbub Lite: from n/a through <= 1.30.0...

CVSS 5.3 · EPSS 0.00448
Exploits: 0 · References: 1

Patchstack
added 2024/03/01 12:00 a.m. · 6 views

WordPress Wp Social Plugin <= 3.0.0 is vulnerable to Broken Access Control

Software: Wp Social; Type: Plugin; Vulnerable versions: <= 3.0.0; Fixed in: 3.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1763; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Wpmet; PSID: e224abf48843; Credits: Krzysztof Zając; Required privilege...

CVSS 6.5 · AI score 6.4 · EPSS 0.0044
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/01/19 2:50 p.m. · 2 views

CVE-2022-47160 WordPress Wp Social Plugin <= 1.9.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter. This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0...

CVSS 6.5 · AI score 6.5 · EPSS 0.00558
Exploits: 0 · References: 1

Cvelist
added 2024/01/19 2:50 p.m. · 18 views

CVE-2022-47160 WordPress Wp Social Plugin <= 1.9.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter. This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0...

CVSS 6.5 · AI score 6.7 · EPSS 0.00558
Exploits: 0 · References: 1

Prion
added 2024/01/16 4:15 p.m. · 16 views

Cross site scripting

The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 4.3 · AI score 5.9 · EPSS 0.00497
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/01/16 3:50 p.m. · 15 views

CVE-2022-3836 Seed Social < 2.0.4 - Admin+ Stored XSS

The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5.6 · EPSS 0.00497
Exploits: 2 · References: 1

Cvelist
added 2024/01/16 3:50 p.m. · 24 views

CVE-2022-3836 Seed Social < 2.0.4 - Admin+ Stored XSS

The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5 · EPSS 0.00497
Exploits: 2 · References: 1

Patchstack
added 2023/06/20 12:00 a.m. · 11 views

WordPress WP Sticky Social Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Sticky Social; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: 1.0.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3320; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 98b51e0a5b9a; Credits: Shunsuke Aoki; Required...

CVSS 8.8 · AI score 5.7 · EPSS 0.01332
Exploits: 4 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/06/20 12:00 a.m. · 4 views

PT-2023-24217 · WordPress · Wp Sticky Social

Name of the Vulnerable Software and Affected Versions: WP Sticky Social plugin for WordPress versions up to, and including, 1.0.1. Description: The issue is due to missing nonce validation in the /admin/views/admin.php file, making it possible for unauthenticated attackers to modify the plugin's...

CVSS 8.8 · AI score 8.8 · EPSS 0.01332
Exploits: 4 · References: 9

Vulnrichment
added 2023/06/05 1:38 p.m. · 10 views

CVE-2023-2503 10WebSocial < 1.2.9 - Reflected XSS

The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 6 · EPSS 0.00458
Exploits: 2 · References: 1

Vulnrichment
added 2023/05/23 1:30 p.m. · 6 views

CVE-2023-25056 WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions...

CVSS 4.3 · AI score 8.8 · EPSS 0.00256
Exploits: 0 · References: 1

CVE
added 2023/05/23 1:30 p.m. · 38 views

CVE-2023-25056

CVE-2023-25056 is a Cross-Site Request Forgery (CSRF) vulnerability in the SlickRemix Feed Them Social WordPress plugin, affecting versions

CVSS 8.8 · AI score 6.5 · EPSS 0.00256
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/05/03 11:15 a.m. · 12 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions...

CVSS 4.3 · AI score 4.8 · EPSS 0.00369
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/03 10:15 a.m. · 19 views

CVE-2023-25792 WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions...

CVSS 5.9 · AI score 5.5 · EPSS 0.00369
Exploits: 0 · References: 1

Patchstack
added 2023/02/15 12:00 a.m. · 7 views

WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)

Software: WP Open Social; Type: Plugin; Vulnerable versions: <= 5.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25792; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 68defe0a437e; Credits: Rio Darmawan; Required...

CVSS 5.9 · AI score 5.8 · EPSS 0.00369
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2022/11/09 12:00 a.m. · 28 views

WordPress Seed Social plugin <= 2.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in the WordPress Seed Social plugin (versions <= 2.0.3). Solution: Update the WordPress Seed Social plugin to the latest available version (at least 2.0.4)...

AI score 2.5 · EPSS 0.00497
Exploits: 2 · References: 1 · Affected Software: 1