CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

313 matches found

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7.2AI score0.00561EPSS

Exploits1References2

CVE•added 6 days ago•7 views

CVE-2025-58952

CVE-2025-58952 : Unauthenticated Local File Inclusion in WordPress Neuronet theme prior to 1.14.0. Affected: Neuronet

8.1CVSS5.2AI score0.00338EPSS

Exploits0References1

Patchstack•added last week•2 views

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7.1CVSS5.8AI score0.00034EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/06/05 7:35 p.m.•8 views

CVE-2026-5742

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

6.4CVSS5.6AI score0.00234EPSS

Exploits0References1

CVE•added 2026/06/02 9:47 a.m.•13 views

CVE-2025-53345

CVE-2025-53345: A Missing Authorization flaw in ThimPress Thim Core (WordPress plugin) allows arbitrary code execution when a malicious vulnerable plugin is installed, affecting Thim Core up to version 2.3.3. CVSS v3.1 metrics indicate Network attack vector, Low attack complexity, Privileges Requ...

8.8CVSS6.2AI score0.00514EPSS

Exploits0References1

Vulnrichment•added 2026/06/02 7:48 a.m.•8 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS5.7AI score0.00128EPSS

Exploits0References4

CNNVD•added 2026/06/02 12:0 a.m.•5 views

WordPress plugin Spin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.3AI score0.00337EPSS

Exploits0References1

CNNVD•added 2026/06/02 12:0 a.m.•4 views

WordPress plugin Racquet 安全漏洞

8.1CVSS5.4AI score0.00327EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 6:46 a.m.•9 views

CVE-2026-2030

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcacarousel and lvcapostscarousel shortcode attributes in all versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. Specifically,...

6.4CVSS6AI score0.00235EPSS

Exploits0References4

Vulnrichment•added 2026/05/27 5:31 a.m.•10 views

CVE-2026-8703 Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.4CVSS6AI score0.00187EPSS

Exploits0References3

EUVD•added 2026/05/27 4:28 a.m.•9 views

EUVD-2025-209950

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00211EPSS

Exploits0References5

CNNVD•added 2026/05/27 12:0 a.m.•6 views

WordPress plugin KiviCare 安全漏洞

8.2CVSS5.8AI score0.00255EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin GenerateBlocks 安全漏洞

6.5CVSS5.8AI score0.00228EPSS

Exploits0References1

CNNVD•added 2026/05/26 12:0 a.m.•7 views

WordPress plugin RepairBuddy 安全漏洞

4.3CVSS5.8AI score0.00217EPSS

Exploits0References1

CNNVD•added 2026/05/21 12:0 a.m.•9 views

WordPress plugin WP Directory Kit SQL注入漏洞

9.3CVSS5.9AI score0.00243EPSS

Exploits0References1

Cvelist•added 2026/05/20 1:25 a.m.•35 views

CVE-2026-8626 SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS0.00266EPSS

Exploits0References3

Positive Technologies•added 2026/05/05 12:0 a.m.•11 views

PT-2026-37030

Name of the Vulnerable Software and Affected Versions Betheme versions prior to 28.5 Description The Betheme theme for WordPress allows authenticated attackers with author-level access or higher to upload arbitrary files, including PHP scripts. This occurs because the upload icons function moves...

8.8CVSS6.5AI score0.00449EPSS

Exploits0References5

CNNVD•added 2026/05/05 12:0 a.m.•8 views

WordPress plugin addfreespace 跨站请求伪造漏洞

4.3CVSS5.7AI score0.00158EPSS

Exploits0References1

CNNVD•added 2026/04/29 12:0 a.m.•5 views

WordPress Plugin BetterDocs 安全漏洞

5.3CVSS5.8AI score0.00247EPSS

Exploits0References1

CNNVD•added 2026/04/15 12:0 a.m.•6 views

WordPress plugin FluentBoards 安全漏洞