11 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-34622

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.9 | EPSS 0.00816
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-51001

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 8.7 | EPSS 0.00188
Exploits: 0 | References: 2

CVE
added 2025/07/16 10:36 a.m. | 10 views

CVE-2025-54037

CVE-2025-54037 describes a Missing Authorization vulnerability in the Blazethemes News Kit Elementor Addons WordPress plugin. Affected software: News Kit Elementor Addons (versions up to 1.3.4). Root cause: improperly configured access control security levels that permit unauthorized actions. Imp...

CVSS 5.4 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:37 a.m. | 4 views

CVE-2024-4445

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.5 | AI score 6.3 | EPSS 0.00182
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:24 p.m. | 4 views

CVE-2021-24763

The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the saveglobalsetting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stor...

CVSS 8.8 | AI score 6.1 | EPSS 0.00535
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 6:24 p.m. | 5 views

CVE-2021-24636

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce CSRF checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link...

CVSS 8.1 | AI score 6.9 | EPSS 0.0012
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 3:27 a.m. | 4 views

CVE-2016-11008

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpipaypal payer metadata updates...

CVSS 5.3 | AI score 7.1 | EPSS 0.00228
Exploits: 1 | References: 1

Patchstack
added 2025/04/11 12:17 p.m. | 1 views

WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Easy Poll versions <= 2.2.9...

CVSS 7.1 | AI score 6.9 | EPSS 0.01109
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/02/05 10:7 a.m. | 9 views

CVE-2024-3293

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVSS 8.8 | AI score 7.2 | EPSS 0.26613
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 12:10 a.m. | 3 views

CVE-2024-4346

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...

CVSS 9.1 | AI score 7.8 | EPSS 0.22233
Exploits: 0 | References: 1

Vulnrichment
added 2024/01/16 3:48 p.m. | 1 views

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

AI score 5.4 | EPSS 0.00155
Exploits: 2 | References: 1