CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in platcom WP-Asambleas wp-asambleas allows Reflected XSS.This issue affects WP-Asambleas: from n/a through = 2.85.0...

7.1CVSS5.9AI score0.00161EPSS

Exploits0References1

NVD•added 2025/04/17 4:15 p.m.•3 views

CVE-2025-22796

7.1CVSS0.00161EPSS

Exploits0References1

Vulnrichment•added 2025/04/17 3:17 p.m.•9 views

CVE-2025-22796 WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in platcom WP-Asambleas allows Reflected XSS. This issue affects WP-Asambleas: from n/a through 2.85.0...

7.1CVSS6.9AI score0.00161EPSS

Exploits0References1

CVE•added 2025/04/17 3:17 p.m.•43 views

CVE-2025-22796

The CVE-2025-22796 entry concerns the WordPress WP-Asambleas plugin (versions up to and including 2.85.0). The vulnerability is an Improper Neutralization of Input During Web Page Generation, i.e., a Reflected Cross-Site Scripting (XSS) flaw in WP-Asambleas. The root cause is unneutralized user i...

7.1CVSS5.9AI score0.00161EPSS

Exploits0References1

Cvelist•added 2025/04/17 3:17 p.m.•15 views

CVE-2025-22796 WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00161EPSS

Exploits0References1

Positive Technologies•added 2025/04/17 12:0 a.m.•4 views

PT-2025-16974 · WordPress · Wp-Asambleas

Name of the Vulnerable Software and Affected Versions: WP-Asambleas versions 2.85.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...

7.1CVSS6.7AI score0.00161EPSS

Exploits0References3

RedhatCVE•added 2025/02/26 3:30 p.m.•13 views

CVE-2025-27294

Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through = 2.85.0...

4.8CVSS7.2AI score0.00128EPSS

Exploits0References1

NVD•added 2025/02/24 3:15 p.m.•12 views

CVE-2025-27294

4.8CVSS0.00128EPSS

Exploits0References1

Patchstack•added 2025/02/24 3:12 p.m.•1 views

WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP-Asambleas versions = 2.85.0...

4.8CVSS7.1AI score0.00128EPSS

Exploits0Affected Software1

CVE•added 2025/02/24 2:48 p.m.•56 views

CVE-2025-27294

CVE-2025-27294 affects the WordPress plugin WP-Asambleas, version

4.8CVSS7.2AI score0.00128EPSS

Exploits0References1

Positive Technologies•added 2025/02/24 12:0 a.m.•1 views

PT-2025-7727 · WordPress · Wp-Asambleas

Name of the Vulnerable Software and Affected Versions: WP-Asambleas versions 2.85.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in WP-Asambleas, which allows exploitation due to incorrectly configured access control security levels. Recommendations: For...

4.8CVSS9.4AI score0.00128EPSS

Exploits0References3

NVD•added 2025/02/18 5:15 a.m.•11 views

CVE-2024-13579

The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pollspopup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00149EPSS

Exploits0References2

Cvelist•added 2025/02/18 4:21 a.m.•6 views

CVE-2024-13579 WP-Asambleas <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00149EPSS

Exploits0References2

CVE•added 2025/02/18 4:21 a.m.•46 views

CVE-2024-13579

CVE-2024-13579, WP-Asambleas (WordPress): The vulnerability is a stored XSS in the polls_popup shortcode present in WP-Asambleas up to version 2.85.0. The issue arises from insufficient input sanitization and output escaping of user-supplied attributes, enabling an authenticated attacker with con...

6.4CVSS5.8AI score0.00149EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/02/18 4:21 a.m.•4 views

CVE-2024-13579 WP-Asambleas <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS5.8AI score0.00149EPSS

Exploits0References2

Patchstack•added 2025/02/17 10:5 p.m.•2 views

WordPress WP-Asambleas plugin <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WP-Asambleas versions = 2.85.0...

6.4CVSS5.7AI score0.00149EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by