Lucene search
K

422 matches found

CVE
CVE
added 2025/08/02 7:24 a.m.25 views

CVE-2025-6754

CVE-2025-6754 (SEO Metrics for WordPress) : The WordPress plugin versions 1.0.5–1.0.15 are affected by privilege-escalation due to missing authorization checks in seo_metrics_handle_connect_button_click() and seo_metrics_handle_custom_endpoint(). An attacker with subscriber-level access can obtai...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/07/22 1:44 a.m.3 views

CVE-2025-6831 User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode

The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcrrestrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.003EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/19 8:24 a.m.13 views

CVE-2025-6997 ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trxaddonsgetsvgfromfile function on an...

6.4CVSS0.00205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/17 4:59 a.m.10 views

CVE-2025-7340

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the tempfileupload function in all versions up to, and including, 2.2.1. This makes it possible for...

9.8CVSS6.7AI score0.0161EPSS
Exploits2References1
CVE
CVE
added 2025/07/16 11:28 a.m.18 views

CVE-2025-47652

CVE-2025-47652 concerns Infility Global plugin for WordPress (versions up to 2.13.4). The issue is a Reflected Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. The CVSS v3.1 base score is 7.1 (High) with NETWORK attack vector, LOW impact on confidenti...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 11:28 a.m.19 views

CVE-2025-48345

CVE-2025-48345 : Reflected XSS in the WordPress plugin Contact Form 7 Editor Button (versions ≤ 1.0.0). Root cause is improper input neutralization during web page generation, enabling a reflected payload to run in a victim’s browser. Affected software is the Contact Form 7 Editor Button plugin f...

7.1CVSS5.9AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 10:36 a.m.5 views

CVE-2025-54037 WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4...

5.4CVSS7.1AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 10:36 a.m.15 views

CVE-2025-54026

CVE-2025-54026 corresponds to a SQL Injection vulnerability in GymBase Theme Classes (WordPress plugin). Affected versions are from n/a through 1.4; root cause cited as improper neutralization of SQL elements. Evidence from multiple sources confirms the issue is a database query vulnerability tha...

8.5CVSS5.9AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 10:36 a.m.10 views

CVE-2025-53984 WordPress JetTabs plugin <= 2.2.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows Stored XSS.This issue affects JetTabs: from n/a through = 2.2.9...

6.5CVSS0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 11:18 a.m.4 views

CVE-2025-49302 WordPress Easy Stripe plugin <= 1.1 - Remote Code Execution (RCE) Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Scott Paterson Easy Stripe easy-stripe allows Remote Code Inclusion.This issue affects Easy Stripe: from n/a through = 1.1...

10CVSS5.9AI score0.00366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 11:17 a.m.2 views

CVE-2025-52832 WordPress NGG Smart Image Search plugin <= 3.4.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG Smart Image Search: from n/a through = 3.4.1...

9.3CVSS5.9AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 8:42 a.m.5 views

CVE-2025-28963 WordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Md Yeasin Ul Haider URL Shortener allows Server Side Request Forgery. This issue affects URL Shortener: from n/a through 3.0.7...

5.4CVSS6.5AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 8:42 a.m.4 views

CVE-2025-27358 WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection.This issue affects Frontend File Manager: from n/a through = 23.6...

4.6CVSS5.9AI score0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 8:42 a.m.3 views

CVE-2025-24764 WordPress (Simply) Guest Author Name plugin <= 4.36 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A. Jones Simply Guest Author Name allows DOM-Based XSS. This issue affects Simply Guest Author Name: from n/a through 4.36...

6.5CVSS7.1AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2025/07/02 4:15 a.m.9 views

CVE-2025-4380

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

9.8CVSS0.28162EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/02 3:47 a.m.2 views

CVE-2025-6687 Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on the 'icon' user supplied attributes. This makes it...

6.4CVSS6AI score0.00206EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/27 1:21 p.m.3 views

CVE-2025-53338 WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1...

7.1CVSS7AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 1:21 p.m.16 views

CVE-2025-53295

CVE-2025-53295 concerns iCount Payment Gateway &lt;= 2.0.6 with a Missing Authorization issue allowing access to constrained functionality. The provided data shows CVSS v3.1 base score 5.3 (Medium) and an unauthenticated/unauthorized access risk. Patch guidance appears in Patchstack: iCount Payme...

5.3CVSS5.9AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 1:21 p.m.22 views

CVE-2025-53279

CVE-2025-53279 is a DOM-based XSS vulnerability in the Popup addon for Ninja Forms, caused by improper input neutralization during web page generation. Affected: Popup addon for Ninja Forms (versions up to 3.4). Impact and exploitability are described in public sources as XSS; CVSS details are pr...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/27 1:20 p.m.4 views

CVE-2025-53197 WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8...

4.3CVSS7.2AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder