CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346601 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-25611	1 Presstigers	1 Simple Event Planner	2025-02-20	4.1 Medium
Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].
CVE-2022-25612	1 Presstigers	1 Simple Event Planner	2025-02-20	4.1 Medium
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
CVE-2022-25613	1 Foliovision	1 Fv Flowplayer Video Player	2025-02-20	4.1 Medium
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter.
CVE-2022-25618	1 Tms-outsource	1 Wpdatatables Lite	2025-02-20	3.4 Low
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
CVE-2021-36851	1 Web-settler	1 Testimonial Slider	2025-02-20	4.1 Medium
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.
CVE-2021-36910	1 Wp-appbox Project	1 Wp-appbox	2025-02-20	3.4 Low
Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20.
CVE-2021-36848	1 Sharethis	1 Social Media Feather	2025-02-20	3.4 Low
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4
CVE-2021-36896	1 W3eden	1 Pricing Table	2025-02-20	4.8 Medium
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2
CVE-2021-36846	1 Premio	1 Chaty	2025-02-20	4.8 Medium
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3
CVE-2021-36893	1 Wpdarko	1 Responsive Tabs	2025-02-20	4.8 Medium
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5
CVE-2022-27844	1 Wpvivid	1 Migration\, Backup\, Staging	2025-02-20	2.7 Low
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70
CVE-2022-27845	1 Plausible	1 Plausible Analytics	2025-02-20	4.8 Medium
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2
CVE-2022-25615	1 Stylemixthemes	1 Eroom - Zoom Meetings \& Webinar	2025-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.
CVE-2022-25614	1 Stylemixthemes	1 Eroom - Zoom Meetings \& Webinar	2025-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.
CVE-2021-36914	1 Claderaform	1 Calderawp License Manager	2025-02-20	6.1 Medium
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11.
CVE-2022-27847	1 Yooslider	1 Yoo Slider	2025-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.
CVE-2022-27846	1 Yooslider	1 Yoo Slider	2025-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider.
CVE-2022-27848	1 Webnus	1 Modern Events Calendar Lite	2025-02-20	3.4 Low
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1
CVE-2022-27849	1 Plugin-planet	1 Simple Ajax Chat	2025-02-20	5.3 Medium
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
CVE-2022-27850	1 Plugin-planet	1 Simple Ajax Chat	2025-02-20	5.4 Medium
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.

« first previous Page 10811 of 17331. next last »