CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

Vulnrichment•added 2026/02/20 3:46 p.m.•2 views

CVE-2025-69375 WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through = 1.2.5...

5.4AI score0.00056EPSS

Exploits0References1

Cvelist•added 2025/12/31 2:47 p.m.•23 views

CVE-2025-62098 WordPress Portfolio Gallery plugin <= 1.4.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in totalsoft Portfolio Gallery gallery-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through = 1.4.8...

5.4CVSS0.00049EPSS

Exploits0References1

CVE•added 2025/11/04 4:27 a.m.•11 views

CVE-2025-11753

CVE-2025-11753 : WordPress plugin Bootstrap Multi-language Responsive Portfolio is vulnerable to Stored Cross-Site Scripting via admin settings. Affected versions are those up to and including 1.0; the issue requires authenticated admin+ access and occurs in multisite installations or where unfil...

4.4CVSS4.7AI score0.00022EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-52120

Malicious code in bioql PyPI...

5.9CVSS8.9AI score0.00059EPSS

Exploits0References1

Patchstack•added 2025/09/22 6:48 p.m.•5 views

WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Portfolio versions = 2.58...

5.9CVSS5.9AI score0.0003EPSS

Exploits0Affected Software1

Cvelist•added 2025/09/22 6:23 p.m.•8 views

CVE-2025-58245 WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bestweblayout Portfolio portfolio allows DOM-Based XSS.This issue affects Portfolio : from n/a through = 2.58...

5.9CVSS0.0003EPSS

Exploits0References1

Patchstack•added 2025/09/08 3:42 a.m.•4 views

WordPress Portfolio Manager Lite plugin <= 1.20 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Portfolio Manager Lite versions = 1.20...

7.1CVSS6.1AI score0.0027EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/05/23 8:25 a.m.•2 views

CVE-2024-49302

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in portfoliohub WordPress Portfolio Builder – Portfolio Gallery uber-grid allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through = 1.1.7...

6.5CVSS5.9AI score0.00313EPSS

Exploits0References1

CVE•added 2025/02/28 4:21 a.m.•62 views

CVE-2025-1757

CVE-2025-1757 refers to WordPress Portfolio Builder – Portfolio Gallery (Uber Grid) with Stored XSS via pfhub_portfolio and pfhub_portfolio_portfolio shortcodes in versions up to 1.1.7. The Red Hat and CIRCL entries corroborate the description. The vulnerability requires authenticated access (Con...

6.4CVSS5.8AI score0.00144EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/02/28 4:21 a.m.•12 views

CVE-2025-1757 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhubportfolio' and 'pfhubportfolioportfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...

6.4CVSS0.00144EPSS

Exploits0References3

Vulnrichment•added 2025/02/19 8:21 a.m.•9 views

CVE-2024-13231 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addvideo' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitra...

5.3CVSS5.2AI score0.00427EPSS

Exploits0References5

CVE•added 2025/02/19 8:21 a.m.•36 views

CVE-2024-13231

CVE-2024-13231 : The WordPress Portfolio Builder – Portfolio Gallery plugin has a vulnerability in all versions up to 1.1.7 due to a missing capability check in the add_video function, enabling an unauthenticated attacker to modify data by adding arbitrary videos to any portfolio gallery. This is...

5.3CVSS5.2AI score0.00427EPSS

Exploits0References5Affected Software1

Cvelist•added 2025/02/19 8:21 a.m.•8 views

CVE-2024-13231 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update

5.3CVSS0.00427EPSS

Exploits0References5

Cvelist•added 2024/12/13 2:23 p.m.•12 views

CVE-2023-32585 WordPress Portfolio Gallery – Responsive Image Gallery plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: from n/a through 1.4.6...

7.5CVSS0.00341EPSS

Exploits0References1

Cvelist•added 2024/12/12 5:24 a.m.•13 views

CVE-2024-11765 WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsportfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization a...

6.4CVSS0.0036EPSS

Exploits0References3

Vulnrichment•added 2024/12/12 5:24 a.m.•12 views

CVE-2024-11765 WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS5.8AI score0.0036EPSS

Exploits0References3

NVD•added 2024/11/30 9:15 p.m.•12 views

CVE-2024-53788

5.9CVSS0.00059EPSS

Exploits0References1

Vulnrichment•added 2024/11/30 9:5 p.m.•8 views

CVE-2024-53788 WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

5.9CVSS8.6AI score0.00059EPSS

Exploits0References1

CVE•added 2024/11/30 9:5 p.m.•49 views

CVE-2024-53788

CVE-2024-53788: Stored Cross-Site Scripting in WordPress Portfolio Builder – Portfolio Gallery plugin (versions

5.9CVSS7.2AI score0.00059EPSS

Exploits0References1

Positive Technologies•added 2024/11/30 12:0 a.m.•2 views

PT-2024-35901 · WordPress · Wordpress Portfolio Builder – Portfolio Gallery

Name of the Vulnerable Software and Affected Versions: WordPress Portfolio Builder – Portfolio Gallery versions 1.1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attack...

5.9CVSS6AI score0.00059EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by