CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-52786 is a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Media Folder. Affected versions are up to 1.0.0; the root cause is improper input neutralization during web page generation, enabling Reflected XSS. CVSSv3.1 base score is 7.1 (HIGH) with network attack...

7.1CVSS5.9AI score0.00185EPSS

Exploits0References1

Cvelist•added 2025/07/04 8:42 a.m.•9 views

CVE-2025-28957 WordPress OwnerRez API plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OwnerRez OwnerRez API ownerrez allows Stored XSS.This issue affects OwnerRez API: from n/a through = 1.2.1...

6.5CVSS0.00143EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•10 views

CVE-2025-47654 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.20...

7.1CVSS0.00185EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:21 a.m.•6 views

CVE-2015-9372

Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via addqueryarg and removequeryarg...

6.1CVSS6AI score0.00368EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:13 a.m.•15 views

CVE-2019-15327

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data...

6.1CVSS6AI score0.0019EPSS

Exploits0References1

Cvelist•added 2025/04/01 5:31 a.m.•14 views

CVE-2025-30837 WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affects WooCommerce Fattureincloud: from n/a through = 2.6.7...

7.1CVSS0.00161EPSS

Exploits0References1

Cvelist•added 2025/02/07 10:11 a.m.•13 views

CVE-2025-25096 WordPress RSS in Page plugin <= 2.9.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in titusbicknell RSS in Page rss-in-page allows Stored XSS.This issue affects RSS in Page: from n/a through = 2.9.1...

6.5CVSS0.00131EPSS

Exploits0References1

Vulnrichment•added 2025/01/07 2:57 p.m.•6 views

CVE-2025-22558 WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...

6.5CVSS7.2AI score0.0028EPSS

Exploits0References1

CVE•added 2024/11/21 8:31 a.m.•51 views

CVE-2024-11456

CVE-2024-11456 affects the WordPress plugin “Run Contests, Raffles, and Giveaways with ContestsWP” up to version 2.0.3. Root cause is improper escaping in add_query_arg, enabling reflected XSS via links that trigger user actions. Unauthenticated attackers could inject scripts if a user clicks a c...

6.1CVSS6AI score0.01001EPSS

Exploits0References2

Vulnrichment•added 2023/10/24 12:16 p.m.•5 views

CVE-2023-45770 WordPress Fast WP Speed Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fastwpspeed Fast WP Speed plugin = 1.0.0 versions...

7.1CVSS6.2AI score0.00193EPSS

Exploits0References1

NVD•added 2023/09/27 3:19 p.m.•7 views

CVE-2023-41241

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin = 2.5.0 versions...

5.9CVSS5.4AI score0.00148EPSS

Exploits0References1

Cvelist•added 2023/08/17 8:8 a.m.•20 views

CVE-2023-30876 WordPress Dave's WordPress Live Search Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Dave Ross Dave's WordPress Live Search plugin = 4.8.1 versions...

5.9CVSS5.5AI score0.00086EPSS

Exploits0References1

OpenVAS•added 2023/01/20 12:0 a.m.•5 views

WordPress 404 to 301 Plugin < 3.1.2 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:404to301project:404to301"; ifdescription...

7.2AI score

Exploits0References1

Cvelist•added 2019/08/27 12:0 p.m.•16 views

CVE-2015-9349

The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in old" file browser...

6.1AI score0.0019EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by