12 matches found
EUVD-2020-23527
Malware in sbrugna...
EUVD-2024-49057
Malicious code in bioql PyPI...
EUVD-2022-33781
Malicious code in bioql PyPI...
WordPress Software Issue Manager plugin cross-site scripting vulnerability
The WordPress Software Issue Manager plugin is a project-based WordPress plugin for tracking software defects, issues, tasks, and product feature requests, with support for customized reporting. The WordPress Software Issue Manager plugin suffers from a cross-site scripting vulnerability that ste...
WordPress Software Issue Manager plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Software Issue Manager versions <= 5.0.0...
CVE-2025-47634 WordPress WC Pickup Store plugin <= 1.8.9 - Settings Change Vulnerability
Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store wc-pickup-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through <= 1.8.9...
CVE-2025-49295 WordPress MediClinic theme <= 2.1 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through <= 2.1...
CVE-2025-1288
The connected sources confirm a vulnerability in the WOOEXIM WordPress plugin (versions before 5.0.0) where CSRF is not consistently checked and inputs lack proper sanitisation and escaping. This can allow an unauthenticated attacker to trigger a reflected XSS via CSRF, potentially affecting page...
CVE-2024-13655
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...
CVE-2019-9881
Summary (CVE-2019-9881): WPGraphQL 0.2.3 for WordPress allows unauthenticated users to post comments via the createComment mutation even when comments are disabled. This is evidenced by the Nuclei template for CVE-2019-9881 (and corroborating sources) which describe unauthenticated comment postin...
Internet Systems Consortium Site Redirects to Angler Exploit
UPDATE: This story has been updated with comments from the Internet Systems Consortium. The Internet Systems Consortium website is offline today after the non-profit domain name service maintainer announced its website had possibly become infected with malware. The ISC, as it is commonly known, i...
CVE-2012-2401
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content...