Exploit Intelligence Platform

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,501 CVEs tracked 53,335 with exploits 4,748 exploited in wild 1,551 CISA KEV 3,948 Nuclei templates 49,234 vendors 42,835 researchers

42,628 results Clear all

CVE-2014-4601 EPSS 0.00

Wu-Rating <1.0.12319 - XSS

Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter.

CWE-79 Jul 02, 2014

CVE-2014-4600 EPSS 0.00

WP Ultimate Email Marketer <1.1.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter.

CWE-79 Jul 02, 2014

CVE-2014-4599 EPSS 0.00

WP-Business Directory <1.0.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.

CWE-79 Jul 02, 2014

CVE-2014-4598 EPSS 0.00

WordPress wp-tmkm-amazon <1.5b - XSS

Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter.

CWE-79 Jul 02, 2014

CVE-2014-4596 EPSS 0.00

SnapApp <1.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.

CWE-79 Jul 02, 2014

CVE-2014-4595 EPSS 0.00

WP RESTful <0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php.

CWE-79 Jul 02, 2014

CVE-2014-4594 EPSS 0.00

WordPress Responsive Preview <1.2 - XSS

Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CWE-79 Jul 02, 2014

CVE-2014-4593 EPSS 0.00

WP Plugin Manager <1.6.4.b - XSS

Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

CWE-79 Jul 02, 2014

CVE-2014-4590 EPSS 0.00

WP Microblogs <0.4.0 - XSS

Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter.

CWE-79 Jul 02, 2014

CVE-2014-4589 EPSS 0.00

WP Silverlight Media Player <0.8 - XSS

Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.

CWE-79 Jul 02, 2014

CVE-2014-4588 EPSS 0.00

wphotfiles <1.0.0 - XSS

Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter.

CWE-79 Jul 02, 2014

CVE-2014-4587 EPSS 0.00

WP GuestMap <1.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.

CWE-79 Jul 02, 2014

CVE-2014-4582 EPSS 0.00

WP Consultant <1.0 - XSS

Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter.

CWE-79 Jul 02, 2014

CVE-2014-4580 EPSS 0.00

WP BlipBot <3.0.9 - XSS

Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter.

CWE-79 Jul 02, 2014

CVE-2014-4579 EPSS 0.00

Appointments Scheduler <1.5 - XSS

Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CWE-79 Jul 02, 2014

CVE-2014-4578 EPSS 0.00

WP App Maker <1.0.16.4 - XSS

Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.

CWE-79 Jul 02, 2014

CVE-2014-4576 EPSS 0.00

WordPress Social Login <2.0.3 - XSS

Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.

CWE-79 Jul 02, 2014

CVE-2014-4574 EPSS 0.00

WordPress WebEngage <2.0.1 - XSS

Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter.

CWE-79 Jul 02, 2014

CVE-2014-4573 EPSS 0.00

Walk Score <0.5.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) o parameter.

CWE-79 Jul 02, 2014

CVE-2014-4572 EPSS 0.00

Votecount for Balatarin <0.1.1 - XSS

Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.

CWE-79 Jul 02, 2014