Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2025/09/19 2:22 a.m.6 views

CVE-2025-9851

The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.9AI score0.00048EPSS
Exploits0References1
CNVD
CNVDadded 2025/09/19 12:0 a.m.2 views

WordPress Appointmind plugin cross-site scripting vulnerability

WordPress Appointmind plugin is an online appointment management plugin for WordPress, mainly used to embed the online appointment scheduling feature into posts or sidebars. WordPress Appointmind plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.4CVSS6.1AI score0.00048EPSS
Exploits0References1
NVD
NVDadded 2025/09/17 2:15 a.m.4 views

CVE-2025-9851

The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00048EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/09/17 1:49 a.m.2 views

CVE-2025-9851 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00048EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/17 1:49 a.m.7 views

CVE-2025-9851 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00048EPSS
Exploits0References2
CVE
CVEadded 2025/09/17 1:49 a.m.17 views

CVE-2025-9851

CVE-2025-9851 affects the WordPress Appointmind plugin. The vulnerability is a Stored Cross‑Site Scripting via the appointmind_calendar shortcode in all versions up to 4.1.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with co...

6.4CVSS4.7AI score0.00048EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/09/17 12:0 a.m.1 views

PT-2025-38103

Name of the Vulnerable Software and Affected Versions: Appointmind plugin for WordPress versions up to and including 4.1.0 Description: The Appointmind plugin for WordPress is susceptible to Stored Cross-Site Scripting through the appointmind calendar shortcode. Insufficient input sanitization an...

6.4CVSS5AI score0.00048EPSS
Exploits0References6
Patchstack
Patchstackadded 2025/09/16 10:28 p.m.5 views

WordPress Appointmind plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Appointmind versions = 4.1.0...

6.4CVSS5.5AI score0.00048EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder