CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/12/13 6:30 p.m.•2 views

EUVD-2025-203190

5.3CVSS5.2AI score0.00039EPSS

Exploits0References5

NVD•added 2025/12/13 4:16 p.m.•1 views

CVE-2025-13403

4.3CVSS0.00039EPSS

Cvelist•added 2025/12/13 3:20 a.m.•21 views

CVE-2025-13403 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification

4.3CVSS0.00039EPSS

CVE•added 2025/12/13 3:20 a.m.•11 views

CVE-2025-13403

CVE-2025-13403 concerns the WordPress plugin Employee Spotlight – Team Member Showcase & Meet the Team (vulnerable through all versions up to and including 5.1.3). The root cause is missing authorization validation in the employee_spotlight_check_optin() function, which allows authenticated attac...

4.3CVSS5.2AI score0.00039EPSS

Vulnrichment•added 2025/12/13 3:20 a.m.•1 views

CVE-2025-13403 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification

4.3CVSS5.3AI score0.00039EPSS

Positive Technologies•added 2025/12/13 12:0 a.m.•6 views

PT-2025-51044

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee spotlight check optin function in all versions up to, and including, 5.1.3. This makes it possibl...

5.3CVSS5.6AI score0.00039EPSS

CNNVD•added 2025/12/13 12:0 a.m.•1 views

WordPress plugin Employee Spotlight – Team Member Showcase & Meet the Team 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin...

5.3CVSS5.8AI score0.00039EPSS

Exploits0References5

Patchstack•added 2025/12/12 10:2 p.m.•7 views

WordPress Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Tracking Opt-In/Opt-Out Modification vulnerability discovered by Legion Hunter in WordPress Plugin Employee Spotlight versions = 5.1.3...

5.3CVSS6.7AI score0.00039EPSS

Exploits0References1Affected Software1

CNVD•added 2025/11/05 12:0 a.m.•2 views

WordPress Employee Spotlight plugin cross-site scripting vulnerability

WordPress Employee Spotlight plugin is a plugin for quickly searching and managing WordPress backend content, inspired by the Mac's Spotlight feature, which supports searching for posts, users, plugins, themes, etc., and provides real-time updating and editing features. The WordPress Employee...

6.4CVSS6.1AI score0.00032EPSS

Patchstack•added 2025/11/03 10:26 p.m.•5 views

WordPress Employee Spotlight plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Employee Spotlight versions = 5.1.2...

6.4CVSS5.5AI score0.00032EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/02 5:44 a.m.•4 views

CVE-2025-12090

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social URLs in all versions up to, and including, 5.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00032EPSS

EUVD•added 2025/11/01 6:30 a.m.•3 views

EUVD-2025-37423

6.4CVSS4.6AI score0.00032EPSS

Exploits0References3

NVD•added 2025/11/01 6:15 a.m.•3 views

CVE-2025-12090

6.4CVSS0.00032EPSS

Vulnrichment•added 2025/11/01 5:40 a.m.•2 views

CVE-2025-12090 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00032EPSS

Cvelist•added 2025/11/01 5:40 a.m.•4 views

CVE-2025-12090 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00032EPSS

CVE•added 2025/11/01 5:40 a.m.•15 views

CVE-2025-12090

CVE-2025-12090 : WordPress plugin Employee Spotlight – Team Member Showcase & Meet the Team prior to 5.1.3 is vulnerable to Stored Cross-Site Scripting via Social URLs. Exploitation requires authenticated access at least at the Contributor level; attackers can inject scripts that run when users v...

6.4CVSS4.7AI score0.00032EPSS

Positive Technologies•added 2025/11/01 12:0 a.m.•3 views

PT-2025-44712

Name of the Vulnerable Software and Affected Versions Employee Spotlight – Team Member Showcase & Meet the Team Plugin versions prior to 5.1.3 Description The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is susceptible to Stored Cross-Site Scripting through Socia...

6.4CVSS5.2AI score0.00032EPSS

Exploits0References8

CNNVD•added 2025/11/01 12:0 a.m.•2 views

WordPress plugin Employee Spotlight 跨站脚本漏洞

6.4CVSS6AI score0.00032EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-25983

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00104EPSS