CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Fintelligence Calculator plugin, which stems from a lack of valid filtering and escaping of the...

6.4CVSS6AI score0.00184EPSS

Exploits0References2

NVD•added 2025/10/02 2:15 p.m.•5 views

CVE-2025-56379

A stored cross-site scripting XSS vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

5.4CVSS0.00373EPSS

Exploits2References4

CNNVD•added 2025/09/30 12:0 a.m.•1 views

WordPress plugin BP Direct Menus 跨站脚本漏洞

WordPress BP Direct Menus plugin is a menu management plugin for WordPress, which is mainly used to realize the quick jump function of menu items. WordPress BP Direct Menus plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of the bpdmlogi...

6.4CVSS6.1AI score0.00176EPSS

Exploits0References2

NVD•added 2025/09/26 7:15 a.m.•3 views

CVE-2025-10490

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00182EPSS

Exploits0References2

NVD•added 2025/09/26 2:15 a.m.•3 views

CVE-2025-8906

The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00185EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by