CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/12/09 2:52 p.m.•1 views

CVE-2025-63048 WordPress ListingPro Lead Form plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.2AI score0.00204EPSS

CVE•added 2025/12/09 2:52 p.m.•5 views

CVE-2025-63044

CVE-2025-63044 concerns the WordPress plugin Xpro Addons — 140+ Widgets for Elementor (Xpro Elementor Addons) up to version ≤ 1.4.19.1. The issue is a DOM-based Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. The vulnerability affects the plugin in W...

6.5CVSS6AI score0.00211EPSS

CVE•added 2025/12/09 2:52 p.m.•16 views

CVE-2025-63045

CVE-2025-63045 describes a DOM-based XSS in the WordPress plugin Master Slider Pro (versions

6.5CVSS6AI score0.00214EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/12/09 2:52 p.m.•19 views

CVE-2025-63044 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

6.5CVSS0.00211EPSS

Vulnrichment•added 2025/12/09 2:52 p.m.•1 views

CVE-2025-63037 WordPress Ronneby Theme Core plugin <= 1.5.68 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through = 1.5.68...

Vulnrichment•added 2025/12/09 2:52 p.m.•2 views

CVE-2025-63044 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability

6.5CVSS6AI score0.00211EPSS

CVE•added 2025/12/09 2:52 p.m.•12 views

CVE-2025-63035

CVE-2025-63035 affects the WordPress WPLMS plugin (WPLMS wplms_plugin) up to version 1.9.9.5.4. The issue is a DOM-Based Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. This can enable script execution within the context of the affected site....

Exploits0References1Affected Software1

CVE•added 2025/12/09 2:52 p.m.•5 views

CVE-2025-63011

CVE-2025-63011 is a DOM-based XSS vulnerability in the WordPress plugin WP Hotel Booking (wp-hotel-booking) from ThimPress, affecting versions from n/a through 2.2.7. Root cause: improper neutralization of input during web page generation (XSS). Affected component is the plugin’s web page generat...

5.9CVSS5.9AI score0.00167EPSS

Vulnrichment•added 2025/12/09 2:52 p.m.•2 views

CVE-2025-63011 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

5.9CVSS5.2AI score0.00167EPSS

CVE-2025-67553 WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through = 1.5.2...

6.5CVSS6AI score0.00156EPSS

CVE-2025-67552 WordPress Walker Core plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WalkerWP Walker Core walker-core allows DOM-Based XSS.This issue affects Walker Core: from n/a through = 1.3.17...

Cvelist•added 2025/12/09 2:14 p.m.•37 views

CVE-2025-67552 WordPress Walker Core plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00156EPSS

CVE•added 2025/12/09 2:14 p.m.•12 views

CVE-2025-67553

CVE-2025-67553 affects the WordPress Advanced FAQ Manager plugin (versions

CVE-2025-67549 WordPress oik plugin <= 4.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...

CVE•added 2025/12/09 2:14 p.m.•7 views

CVE-2025-67549

CVE-2025-67549 affects the WordPress plugin oik up to version 4.15.3. Root cause: improper input neutralization during web page generation, enabling DOM-based XSS. Impact: DOM-based XSS with Low–Medium confidentiality, integrity, and availability effects (CVSS v3.1 base 6.5). Affected product: oik

CVE-2025-67542 WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through = 2.33...

CNNVD•added 2025/12/09 12:0 a.m.•1 views

WordPress plugin Ronneby Theme Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging websites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...