
3427 matches found

Cvelist
added 2026/01/14 5:28 a.m., 21 views

CVE-2025-15021 Gotham Block Extra Light <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, EPSS 0.00039, Exploits 0, References 3

CVE
added 2026/01/14 5:28 a.m., 10 views

CVE-2025-15021

The CVE-2025-15021 entry concerns the WordPress Gotham Block Extra Light plugin. A stored XSS vulnerability exists in admin settings for all versions up to 1.5.0, caused by insufficient input sanitization and output escaping. Authenticated attackers with administrator-level permissions (and above...

CVSS 4.4, AI score 4.7, EPSS 0.00039, Exploits 0, References 3

CVE
added 2026/01/14 5:28 a.m., 11 views

CVE-2025-14379

The CVE-2025-14379 entry concerns the WordPress plugin Testimonials Creator (version 1.6). Affected component: the plugin’s admin/settings handling where insufficient input sanitization and output escaping enables a Stored Cross-Site Scripting (XSS) vulnerability. Attack scenario: authenticated a...

CVSS 4.4, AI score 4.9, EPSS 0.00011, Exploits 0, References 2

Cvelist
added 2026/01/14 5:28 a.m., 22 views

CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

CVSS 4.4, EPSS 0.00011, Exploits 0, References 2

Vulnrichment
added 2026/01/14 5:28 a.m., 2 views

CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

CVSS 4.4, AI score 4.8, EPSS 0.00011, Exploits 0, References 2

CVE
added 2026/01/14 5:28 a.m., 6 views

CVE-2026-0680

CVE-2026-0680 - Real Post Slider Lite (WordPress) Concrete details: Real Post Slider Lite is affected by a Stored Cross-Site Scripting vulnerability in its settings. The underlying issue is insufficient input sanitization and output escaping. Affected versions are all up to and including 2.4. Exp...

CVSS 4.4, AI score 4.7, EPSS 0.00048, Exploits 0, References 3

Cvelist
added 2026/01/14 5:28 a.m., 21 views

CVE-2025-14725 Internal Link Builder <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings

The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, EPSS 0.0004, Exploits 0, References 2

CVE
added 2026/01/14 5:28 a.m., 13 views

CVE-2025-14725

The CVE-2025-14725 entry concerns the WordPress plugin Internal Link Builder (

CVSS 4.4, AI score 4.7, EPSS 0.0004, Exploits 0, References 2

Cvelist
added 2026/01/14 5:28 a.m., 20 views

CVE-2026-0680 Real Post Slider Lite <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, EPSS 0.00048, Exploits 0, References 3

Vulnrichment
added 2026/01/14 5:28 a.m., 1 view

CVE-2026-0680 Real Post Slider Lite <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, AI score 4.7, EPSS 0.00048, Exploits 0, References 3

Vulnrichment
added 2026/01/14 5:28 a.m., 1 view

CVE-2025-14725 Internal Link Builder <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings

The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, AI score 4.7, EPSS 0.0004, Exploits 0, References 2

Positive Technologies
added 2026/01/14 12:0 a.m., 3 views

PT-2026-2826

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

CVSS 4.4, AI score 5, EPSS 0.00048, Exploits 0, References 4

Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2830

The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, AI score 5, EPSS 0.00048, Exploits 0, References 4

Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2817

The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, AI score 5, EPSS 0.0004, Exploits 0, References 3

Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2821

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4, AI score 5, EPSS 0.00039, Exploits 0, References 3

RedhatCVE
added 2026/01/13 10:54 p.m., 1 view

CVE-2025-14579

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8, AI score 5.3, EPSS 0.00014, Exploits 0, References 1

NVD
added 2026/01/12 6:16 a.m., 0 views

CVE-2025-14579

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8, EPSS 0.00014, Exploits 0, References 1

Cvelist
added 2026/01/12 6:0 a.m., 21 views

CVE-2025-14579 Quiz Maker < 6.7.0.89 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00014, Exploits 0, References 1

Vulnrichment
added 2026/01/12 6:0 a.m., 4 views

CVE-2025-14579 Quiz Maker < 6.7.0.89 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5, EPSS 0.00014, Exploits 0, References 1

Positive Technologies
added 2026/01/12 12:0 a.m., 2 views

PT-2026-1747

Name of the Vulnerable Software and Affected Versions: The Quiz Maker WordPress plugin versions prior to 6.7.0.89. Description: The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site...

CVSS 4.8, AI score 4.7, EPSS 0.00014, Exploits 0, References 4