CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

RedhatCVE•added 2025/11/26 7:59 a.m.•3 views

CVE-2025-12645

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00032EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-59048

Malicious code in bioql PyPI...

5CVSS6.6AI score0.00202EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-54755

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00105EPSS

Exploits1References4

Vulnrichment•added 2025/08/20 8:3 a.m.•3 views

CVE-2025-49411 WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1...

6.5CVSS6.4AI score0.00047EPSS

Exploits0References1

Vulnrichment•added 2025/08/20 8:3 a.m.•4 views

CVE-2025-49422 WordPress iframe Wrapper plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1...

6.5CVSS6.6AI score0.00088EPSS

Exploits0References1

CVE•added 2025/08/16 6:39 a.m.•16 views

CVE-2025-8089

CVE-2025-8089 corresponds to a stored XSS in the WordPress Advanced iFrame plugin. The vulnerability exists in the parameter for versions up to and including 2025.6, due to insufficient input sanitization and output escaping. Impact: authenticated attackers with contributor-level access or highe...

5.4CVSS6AI score0.00057EPSS

Exploits0References3

Cvelist•added 2025/06/06 12:54 p.m.•11 views

CVE-2025-30939 WordPress IFrame Widget plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...

5.9CVSS0.0017EPSS

Exploits0References1

Vulnrichment•added 2025/06/06 12:54 p.m.•6 views

CVE-2025-30939 WordPress IFrame Widget plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability

5.9CVSS5.7AI score0.0017EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:7 a.m.•2 views

CVE-2023-6844

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5CVSS5.8AI score0.00202EPSS

Exploits0References1

Patchstack•added 2023/10/30 12:0 a.m.•9 views

WordPress iframe forms Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software iframe forms Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5073 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1839edf7170f Credits István Márton Required privileg...

6.4CVSS5.7AI score0.00159EPSS

Exploits1References2Affected Software1

OSV•added 2023/10/20 7:15 a.m.•0 views

CVE-2023-4919

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

5.4CVSS7AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by