CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Vulnrichment•added 2025/07/04 11:17 a.m.•2 views

CVE-2025-49070 WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi allows PHP Local File Inclusion. This issue affects Elessi: from n/a through n/a...

7.5CVSS6.6AI score0.00423EPSS

Exploits0References1

Cvelist•added 2025/07/04 11:17 a.m.•8 views

CVE-2025-49070 WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through 6.4.1...

7.5CVSS0.00423EPSS

Exploits0References1

CNNVD•added 2025/07/04 12:0 a.m.•2 views

WordPress plugin Elessi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Elessi plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...

7.5CVSS6.5AI score0.00423EPSS

Exploits0References2

CNVD•added 2025/06/27 12:0 a.m.•2 views

WordPress Elessi plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Elessi plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...

7.1CVSS5.8AI score0.00185EPSS

Exploits0References1

Cvelist•added 2025/06/20 3:4 p.m.•8 views

CVE-2025-49873 WordPress Elessi theme <= 6.3.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Elessi elessi-theme allows Reflected XSS.This issue affects Elessi: from n/a through = 6.3.9...

7.1CVSS0.00185EPSS

Exploits0References1

CVE•added 2025/06/20 3:4 p.m.•11 views

CVE-2025-49873

CVE-2025-49873 refers to a Cross-Site Scripting flaw in WordPress Theme Elessi (versions n/a through 6.3.9). The root cause is improper neutralization of input during web page generation, enabling reflected XSS. Patch data indicates the issue is fixed in version 6.4.1 of Elessi (update to at leas...

7.1CVSS5.9AI score0.00185EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by