CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-43493

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00143EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 8:25 a.m.•6 views

CVE-2024-49630

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevItems WP Education wp-education allows Stored XSS.This issue affects WP Education: from n/a through = 1.2.8...

6.5CVSS5.9AI score0.00143EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:40 a.m.•4 views

CVE-2023-0498

The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS5.6AI score0.00106EPSS

Exploits2References1

NVD•added 2024/10/20 8:15 a.m.•14 views

CVE-2024-49630

6.5CVSS0.00143EPSS

Exploits0References1

OSV•added 2024/10/20 8:15 a.m.•1 views

CVE-2024-49630

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in HT Plugins WP Education allows Stored XSS.This issue affects WP Education: from n/a through 1.2.8...

5.4CVSS5.8AI score

Exploits0References1

CVE•added 2024/10/20 7:48 a.m.•44 views

CVE-2024-49630

CVE-2024-49630 affects WP Education (WordPress plugin for Elementor)

6.5CVSS5.9AI score0.00143EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/10/20 12:0 a.m.•1 views

WordPress plugin WP Education 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.00143EPSS

Exploits0References3

Prion•added 2023/03/27 4:15 p.m.•15 views

Cross site request forgery (csrf)

4.3CVSS4.7AI score0.00106EPSS

Exploits2References1Affected Software1

CVE•added 2023/03/27 3:37 p.m.•61 views

CVE-2023-0498

CVE-2023-0498 affects the WP Education WordPress plugin prior to 1.2.7. The vulnerability is a CSRF flaw in the plugin activation flow that could allow a CSRF attacker to cause logged-in admins to activate arbitrary plugins on the blog. Remediation: upgrade to WP Education 1.2.7 or later (patched...

4.3CVSS4.5AI score0.00106EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2023/03/27 3:37 p.m.•11 views

CVE-2023-0498 WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF

4.6AI score0.00106EPSS

Exploits2References1

CNNVD•added 2023/03/27 12:0 a.m.•3 views

WordPress plugin WP Education 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

4.3CVSS6.2AI score0.00106EPSS

Exploits2References2

wpexploit•added 2023/02/28 12:0 a.m.•124 views

WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00106EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by