14 matches found
CVE-2025-69375 WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion. This issue affects Portfolio Builder: from n/a through <= 1.2.5...
EUVD-2024-52120
Malicious code in bioql PyPI...
CVE-2024-49302
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in portfoliohub WordPress Portfolio Builder – Portfolio Gallery uber-grid allows Stored XSS. This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through <= 1.1.7...
CVE-2025-1757
CVE-2025-1757 refers to WordPress Portfolio Builder – Portfolio Gallery (Uber Grid) with Stored XSS via pfhub_portfolio and pfhub_portfolio_portfolio shortcodes in versions up to 1.1.7. The Red Hat and CIRCL entries corroborate the description. The vulnerability requires authenticated access (Con...
CVE-2025-1757 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...
CVE-2024-13231 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitra...
CVE-2024-13231
CVE-2024-13231 : The WordPress Portfolio Builder – Portfolio Gallery plugin has a vulnerability in all versions up to 1.1.7 due to a missing capability check in the add_video function, enabling an unauthenticated attacker to modify data by adding arbitrary videos to any portfolio gallery. This is...
CVE-2024-53788
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in portfoliohub WordPress Portfolio Builder – Portfolio Gallery uber-grid allows Stored XSS. This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through <= 1.1.7...
CVE-2024-53788 WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in portfoliohub WordPress Portfolio Builder – Portfolio Gallery uber-grid allows Stored XSS. This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through <= 1.1.7...
CVE-2024-53788
CVE-2024-53788: Stored Cross-Site Scripting in WordPress Portfolio Builder – Portfolio Gallery plugin (versions
PT-2024-35901 · WordPress · Wordpress Portfolio Builder – Portfolio Gallery
Name of the Vulnerable Software and Affected Versions: WordPress Portfolio Builder – Portfolio Gallery versions 1.1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attack...
CVE-2024-49302
CVE-2024-49302 describes a Stored XSS in WordPress Plugin WordPress Portfolio Builder – Portfolio Gallery (versions up to 1.1.7). The vulnerability arises from improper input neutralization during web page generation, enabling attackers to inject scripts that execute in victims’ browsers. Impact ...
WordPress WordPress Portfolio Builder – Portfolio Gallery Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Portfolio Builder – Portfolio Gallery; Type: Plugin; Vulnerable versions: <= 1.1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49302; Patch priority: Low; CVSS severity: Low (6.5); PSID: 17af9ba7c91e; Credits: Muhammad...