CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3367 matches found

Cvelist•added 2025/12/12 3:20 a.m.•27 views

CVE-2025-13989 WP Dropzone <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute

The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as...

6.4CVSS0.00236EPSS

Exploits0References5

RedhatCVE•added 2025/11/12 6:59 a.m.•12 views

CVE-2025-11237

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

5.3CVSS6.8AI score0.00258EPSS

Exploits0References1

Vulnrichment•added 2025/11/11 3:30 a.m.•3 views

CVE-2025-12588 USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS5.2AI score0.00129EPSS

Exploits0References3

Cvelist•added 2025/10/27 1:34 a.m.•10 views

CVE-2025-62972 WordPress WebinarPress plugin <= 1.33.28 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through = 1.33.28...

4.3CVSS0.00225EPSS

Exploits0References1

EUVD•added 2025/10/24 8:24 a.m.•2 views

EUVD-2025-35806

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

5.4CVSS5.2AI score0.00247EPSS

Exploits0References4

CNNVD•added 2025/10/22 12:0 a.m.•3 views

WordPress plugin Evergreen Content Poster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.6AI score0.00128EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-9375

Malware in sbrugna...

6.1CVSS6.3AI score0.00923EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-9338

Malware in sbrugna...

8.8CVSS8.6AI score0.00718EPSS

Exploits0References3