CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2018 matches found

RedhatCVE•added 2025/12/14 8:45 a.m.•9 views

CVE-2025-8780

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5AI score0.00192EPSS

Exploits0References1

RedhatCVE•added 2025/12/14 8:45 a.m.•8 views

CVE-2025-7960

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS5AI score0.00155EPSS

Exploits0References1

EUVD•added 2025/12/13 6:30 p.m.•3 views

EUVD-2025-203245

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00185EPSS

Exploits0References4

EUVD•added 2025/12/13 6:30 p.m.•3 views

EUVD-2025-203243

6.4CVSS4.7AI score0.00192EPSS

Exploits0References5

NVD•added 2025/12/13 4:16 p.m.•6 views

CVE-2025-8780

6.4CVSS0.00192EPSS

Exploits0References4

NVD•added 2025/12/13 4:16 p.m.•2 views

CVE-2025-8687

6.4CVSS0.00185EPSS

Exploits0References3

Patchstack•added 2025/12/13 10:4 a.m.•6 views

WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Restrict Elementor Widgets, Columns and Sections versions = 1.12...

4.3CVSS6.7AI score0.00185EPSS

Exploits0Affected Software1

CVE•added 2025/12/13 8:21 a.m.•14 views

CVE-2025-8780

CVE-2025-8780 affects the WordPress plugin Livemesh SiteOrigin Widgets (versions up to and including 3.9.1). The issue is a Stored Cross-Site Scripting (XSS) in the plugin’s widgets (Hero Header and Pricing Table) caused by insufficient input sanitization and output escaping on user-supplied attr...

6.4CVSS4.7AI score0.00192EPSS

Exploits0References4

Cvelist•added 2025/12/13 8:21 a.m.•27 views

CVE-2025-8780 Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets

6.4CVSS0.00192EPSS

Exploits0References4

RedhatCVE•added 2025/12/13 3:59 a.m.•2 views

CVE-2025-13334

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...

8.1CVSS5.1AI score0.00229EPSS

Exploits0References1

CNNVD•added 2025/12/13 12:0 a.m.•3 views

WordPress plugin Livemesh SiteOrigin Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00192EPSS

Exploits0References5

Positive Technologies•added 2025/12/13 12:0 a.m.•2 views

PT-2025-51104

6.4CVSS5AI score0.00155EPSS

Exploits0References2

Positive Technologies•added 2025/12/13 12:0 a.m.•5 views

PT-2025-51108

6.4CVSS5AI score0.00192EPSS

Exploits0References4

Positive Technologies•added 2025/12/12 12:0 a.m.•2 views

PT-2025-50816

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze demo importer install demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...

8.1CVSS5.1AI score0.00229EPSS

Exploits0References4

CNVD•added 2025/12/12 12:0 a.m.•2 views

WordPress Essential Widgets plugin cross-site scripting vulnerability

WordPress Essential Widgets plugin is a tool used to enhance the functionality of your website, mainly providing the ability to create and add highly customizable widgets Widgets to help users manage the layout of their website content more flexibly. A cross-site scripting vulnerability exists in...

6.5CVSS6.1AI score0.00161EPSS

Exploits0References1

Vulnrichment•added 2025/12/11 3:27 a.m.•10 views

CVE-2025-9436 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00221EPSS

Exploits0References2

Patchstack•added 2025/12/11 12:42 a.m.•4 views

WordPress Widgets for Google Reviews plugin <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via trustindex Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widgets for Google Reviews versions = 13.2.1...

6.4CVSS5.5AI score0.00221EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/12/10 2:23 p.m.•3 views

CVE-2025-67543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...

6.5CVSS6AI score0.00161EPSS

Exploits0References1

EUVD•added 2025/12/09 6:30 p.m.•2 views

EUVD-2025-202101

6.5CVSS5.5AI score0.00161EPSS

Exploits0References2