CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Missing Authorization, Cross-Site Request Forgery CSRF vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2...

8.8CVSS8.5AI score0.00053EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:52 a.m.•7 views

CVE-2023-46623

Improper Control of Generation of Code 'Code Injection' vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2...

9.9CVSS8.1AI score0.00212EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:4 p.m.•2 views

CVE-2021-24936

The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

8CVSS6.1AI score0.00107EPSS

Exploits2References1

RedhatCVE•added 2025/02/28 6:27 a.m.•5 views

CVE-2024-13632

The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00109EPSS

Exploits1References1

CVE•added 2025/02/26 6:0 a.m.•54 views

CVE-2024-13632

CVE-2024-13632 affects the WP Extra Fields WordPress plugin (≤1.0.1). The vulnerability is a Reflected Cross‑Site Scripting caused by insufficient sanitisation/escaping of a parameter before output, potentially affecting high-privilege users (e.g., admin). The CVSSv3.1 base score is 7.1 (HIGH) wi...

7.1CVSS7AI score0.00109EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2025/02/26 6:0 a.m.•4 views

CVE-2024-13632 WP Extra Fields <= 1.0.1 - Reflected XSS

6.5AI score0.00109EPSS

Exploits1References1

Cvelist•added 2025/02/26 6:0 a.m.•10 views

CVE-2024-13632 WP Extra Fields <= 1.0.1 - Reflected XSS

0.00109EPSS

Exploits1References1

Positive Technologies•added 2025/02/26 12:0 a.m.•2 views

PT-2025-8679 · WordPress · Wp Extra Fields

Name of the Vulnerable Software and Affected Versions: WP Extra Fields WordPress plugin version 1.0.1 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could be used...

7.1CVSS8.5AI score0.00109EPSS

Exploits1References5

NVD•added 2023/12/29 9:15 a.m.•10 views

CVE-2023-46623

Improper Control of Generation of Code 'Code Injection' vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2...

9.9CVSS0.00212EPSS

Exploits0References1

Prion•added 2023/12/29 9:15 a.m.•14 views

Code injection

Improper Control of Generation of Code 'Code Injection' vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2...

6.5CVSS7.4AI score0.00212EPSS

Exploits0References1Affected Software1

CVE•added 2023/12/29 9:6 a.m.•24 views

CVE-2023-46623

CVE-2023-46623 affects the WordPress WP EXtra plugin (versions ≤ 6.2). The vulnerability is described as a remote code execution (RCE) due to improper control of code generation, reportedly exploitable via htaccess modifications. A fix is available in version 6.3. Reported CVSS scores indicate hi...

9.9CVSS8.1AI score0.00212EPSS

Exploits0References1Affected Software1

NVD•added 2023/12/19 12:15 a.m.•8 views

CVE-2023-46212

8.8CVSS0.00053EPSS

Exploits0References1

Prion•added 2023/12/19 12:15 a.m.•12 views

Cross site request forgery (csrf)

6.5CVSS7.2AI score0.00053EPSS

Exploits0References1Affected Software1

CVE•added 2023/12/18 11:57 p.m.•58 views

CVE-2023-46212