
2135 matches found

NVD
added 2025/10/25 6:15 a.m. | 4 views

CVE-2025-10737

The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 | EPSS 0.00161
Exploits: 0 | References: 2
CVE
added 2025/10/25 5:31 a.m. | 15 views

CVE-2025-10737

The CVE-2025-10737 entry describes a stored XSS vulnerability in the Open Source Genesis Framework WordPress theme (versions up to 3.6.0) via shortcode attributes, exploitable by authenticated users with Contributor-level access and above. Wordfence notes this as CVSS 3.1 base score 6.4 (Medium) w...

CVSS 6.4 | AI score 4.8 | EPSS 0.00161
Exploits: 0 | References: 2
EUVD
added 2025/10/25 5:31 a.m. | 3 views

EUVD-2025-35916

The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 | AI score 4.7 | EPSS 0.00161
Exploits: 0 | References: 4
Cvelist
added 2025/10/25 5:31 a.m. | 10 views

CVE-2025-10737 Open Source Genesis Framework <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 | EPSS 0.00161
Exploits: 0 | References: 2
Cvelist
added 2025/10/25 5:31 a.m. | 5 views

CVE-2025-8413 Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode

The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

CVSS 6.4 | EPSS 0.00161
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/25 5:31 a.m. | 2 views

CVE-2025-8413 Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode

The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

CVSS 6.4 | AI score 4.9 | EPSS 0.00161
Exploits: 0 | References: 2
Patchstack
added 2025/10/25 3:9 a.m. | 4 views

WordPress The7 theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'the7_fancy_title_css' vulnerability discovered by Muhammad Yudha - DJ in WordPress Theme The7 versions <= 12.9.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/10/25 12:0 a.m. | 2 views

PT-2025-43730

Name of the Vulnerable Software and Affected Versions: The7 — Website and eCommerce Builder for WordPress theme versions prior to 12.9.2. Description: The software is susceptible to a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping. This allows...

CVSS 6.4 | AI score 5.5 | EPSS 0.00161
Exploits: 0 | References: 7
GithubExploit
added 2025/10/22 8:18 p.m. | 209 views

Exploit for CVE-2025-6758

Real Spaces - WordPress Properties Directory Theme ≤ 3.6...

CVSS 9.8 | AI score 7.5 | EPSS 0.00352
Exploits: 3
Cvelist
added 2025/10/22 2:32 p.m. | 13 views

CVE-2025-62029 WordPress Grevo theme <= 2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themesion Grevo grevo. This issue affects Grevo: from n/a through <= 2.4...

CVSS 8.1 | EPSS 0.0038
Exploits: 0 | References: 1
Cvelist
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-60234 WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection. This issue affects Single Property: from n/a through <= 2.8...

CVSS 8.8 | EPSS 0.00434
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/22 2:32 p.m. | 2 views

CVE-2025-59564 WordPress EduMall Theme < 4.4.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion. This issue affects EduMall: from n/a through 4.4.5...

CVSS 8.1 | AI score 6.7 | EPSS 0.00441
Exploits: 0 | References: 1
Cvelist
added 2025/10/22 2:32 p.m. | 8 views

CVE-2025-58971 WordPress Doctreat theme <= 1.6.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS. This issue affects Doctreat: from n/a through <= 1.6.7...

CVSS 7.1 | EPSS 0.00203
Exploits: 0 | References: 1
Cvelist
added 2025/10/22 2:32 p.m. | 8 views

CVE-2025-53229 WordPress RockON DJ theme <= 3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav RockON DJ rockon allows Reflected XSS. This issue affects RockON DJ: from n/a through <= 3.3...

CVSS 7.1 | EPSS 0.00203
Exploits: 0 | References: 1
CNVD
added 2025/10/21 12:0 a.m. | 2 views

WordPress Theme Importer plugin cross-site request forgery vulnerability

WordPress Theme Importer plugin is mainly used to import website content such as pages, menus, images, etc. from other platforms or websites into WordPress for quick migration or rebuilding of websites. The WordPress Theme Importer plugin suffers from a cross-site request forgery vulnerability,...

CVSS 4.3 | AI score 6.9 | EPSS 0.00122
Exploits: 0 | References: 1
Patchstack
added 2025/10/18 1:24 a.m. | 3 views

WordPress Theme Editor plugin <= 3.0 - Cross-Site Request Forgery to Remote Code Execution vulnerability

Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Theme Editor versions <= 3.0...

CVSS 8.8 | AI score 7.2 | EPSS 0.00366
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/10/17 2:54 a.m. | 5 views

WordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sale! Immigration law, Visa services support, Migration Agent Consulting versions <= 1.5.8...

CVSS 8.8 | AI score 7 | EPSS 0.00307
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/10/16 12:36 p.m. | 3 views

WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Theme Sparkle FSE versions <= 1.0.9...

CVSS 5.4 | AI score 7 | EPSS 0.00173
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/10/16 12:4 p.m. | 5 views

WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Theme Construction Light versions <= 1.6.7...

CVSS 5.4 | AI score 7 | EPSS 0.00173
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/10/16 8:33 a.m. | 2 views

CVE-2025-10312

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 1