CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

NVD•added 2026/01/20 3:20 p.m.•3 views

CVE-2026-0726

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

8.1CVSS0.00261EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2009-3836

Malware in sbrugna...

9.3CVSS6AI score0.01772EPSS

Exploits2References25

Patchstack•added 2025/08/20 1:30 p.m.•2 views

WordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerability

Cross Site Request Forgery CSRF to Arbitrary Plugin Activation vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Century ToolKit versions = 1.2.1...

5.4CVSS6.7AI score0.00025EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/05/23 5:21 a.m.•2 views

CVE-2023-34031

Cross-Site Request Forgery CSRF vulnerability in Pascal Casier bbPress Toolkit plugin = 1.0.12 versions...

8.8CVSS8.5AI score0.0007EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:12 a.m.•5 views

CVE-2023-23786

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Christof Servit affiliate-toolkit plugin = 3.3.3 versions...

5.9CVSS5.6AI score0.00177EPSS

Exploits0References1

RedhatCVE•added 2025/05/17 4:15 a.m.•7 views

CVE-2025-4589

The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00164EPSS

Exploits0References1

CVE•added 2025/05/15 3:21 a.m.•32 views

CVE-2025-4589

The Bon Toolkit WordPress plugin (versions up to 1.3.2) is vulnerable to Stored Cross-Site Scripting via the bt-map shortcode due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (contributor level or higher) and can inject scripts that execute wh...

6.4CVSS5.8AI score0.00164EPSS

Exploits0References2

Patchstack•added 2025/01/07 6:4 p.m.•3 views

WordPress The Ultimate WordPress Toolkit plugin <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.11...

7.4CVSS5.8AI score0.00175EPSS

Exploits0References1Affected Software1

NVD•added 2024/11/21 11:15 a.m.•10 views

CVE-2024-10675

The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS0.00745EPSS

Exploits0References2

Patchstack•added 2024/10/29 12:0 a.m.•8 views

WordPress affiliate-toolkit Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software affiliate-toolkit Type Plugin Vulnerable versions = 3.6.5 Fixed in 3.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10227 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 78a335fc5aaa Credits Peter Thaleikis...

6.4CVSS5.7AI score0.00391EPSS

Exploits0References3Affected Software1

NVD•added 2024/10/26 3:15 a.m.•9 views

CVE-2024-9890

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log i...

8.8CVSS0.14519EPSS

Exploits1References3

Patchstack•added 2024/08/09 12:30 a.m.•1 views

WordPress affiliate-toolkit plugin <= 3.5.5 - Unauthenticated Full Path Dislcosure vulnerability

Unauthenticated Full Path Dislcosure vulnerability discovered by stealthcopter in WordPress Plugin affiliate-toolkit versions = 3.5.5...

5.3CVSS7AI score0.00305EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/04/16 3:12 p.m.•3 views

WordPress Gutenberg Block Editor Toolkit plugin <= 1.40.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Gutenberg Block Editor Toolkit versions = 1.40.4...

6.5CVSS6.1AI score0.00152EPSS

Exploits0Affected Software1

Patchstack•added 2024/03/25 12:0 a.m.•7 views

WordPress affiliate-toolkit Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)

Software affiliate-toolkit Type Plugin Vulnerable versions = 3.4.5 Fixed in 3.4.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29817 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID af7f576cd2e1 Credits Ngô Thiên An ancorn from VNPT-VCI...

6.5CVSS6.9AI score0.00197EPSS

Exploits0References2Affected Software1

OSV•added 2024/01/01 3:15 p.m.•0 views

CVE-2023-5877

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a...

9.8CVSS5.9AI score

Exploits0References1

Vulnrichment•added 2024/01/01 2:18 p.m.•4 views

CVE-2023-5877 affiliate-toolkit < 3.4.3 - Unauthenticated SSRF

9.8AI score0.00447EPSS

Exploits2References1

OSV•added 2023/11/09 9:15 p.m.•1 views

CVE-2023-34031

Cross-Site Request Forgery CSRF vulnerability in Pascal Casier bbPress Toolkit plugin = 1.0.12 versions...

8.8CVSS5.8AI score0.0007EPSS

Exploits0References1

NVD•added 2023/11/09 9:15 p.m.•12 views

CVE-2023-34031

Cross-Site Request Forgery CSRF vulnerability in Pascal Casier bbPress Toolkit plugin = 1.0.12 versions...

8.8CVSS0.0007EPSS

Exploits0References1

Prion•added 2023/11/09 9:15 p.m.•13 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Pascal Casier bbPress Toolkit plugin = 1.0.12 versions...

6.8CVSS7.2AI score0.0007EPSS

Exploits0References1Affected Software1

CVE•added 2023/11/09 8:25 p.m.•34 views

CVE-2023-34031

CVE-2023-34031 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin bbPress Toolkit by Pascal Casier, affecting versions up to and including 1.0.12 . The vulnerability is unauthenticated and can be triggered when a user interacts with a crafted request, potentially allowing an at...

8.8CVSS8.9AI score0.0007EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by