3443 matches found

Vulnrichment
added 2025/12/12 3:20 a.m. | 2 views

CVE-2025-14035 DebateMaster <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode

The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 4.7 | EPSS 0.00032
Exploits: 0 | References: 6

CVE
added 2025/12/12 3:20 a.m. | 8 views

CVE-2025-14035

CVE-2025-14035 – DebateMaster WordPress plugin: Stored Cross‑Site Scripting via color options in DebateMaster settings (versions

CVSS 4.4 | AI score 4.7 | EPSS 0.00032
Exploits: 0 | References: 6

Cvelist
added 2025/12/12 3:20 a.m. | 25 views

CVE-2025-14467 WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4. This is due to the plugin explicitly whitelisting the tag in its WPJOBPORTAL_ALLOWED_TAGS configuration and using insufficient input sanitization when saving job...

CVSS 4.4 | EPSS 0.00032
Exploits: 0 | References: 7

CVE
added 2025/12/12 3:20 a.m. | 11 views

CVE-2025-14467

CVE-2025-14467 is a stored cross-site scripting vulnerability in the WP Job Portal WordPress plugin, affecting all versions up to and including 2.3.9. The issue arises because the plugin whitelists the [removed] tag via WPJOBPORTAL_ALLOWED_TAGS and uses insufficient input sanitization when saving...

CVSS 4.4 | AI score 6.1 | EPSS 0.00032
Exploits: 0 | References: 7

Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50845

The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5 | EPSS 0.00032
Exploits: 0 | References: 7

Positive Technologies
added 2025/12/12 12:0 a.m. | 4 views

PT-2025-50840

The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api token' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 4.4 | AI score 5 | EPSS 0.00026
Exploits: 0 | References: 5

Positive Technologies
added 2025/12/12 12:0 a.m. | 2 views

PT-2025-50838

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 5 | EPSS 0.00029
Exploits: 0 | References: 6

Positive Technologies
added 2025/12/12 12:0 a.m. | 5 views

PT-2025-50870

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.9. This is due to the plugin explicitly whitelisting the tag in its WPJOBPORTAL_ALLOWED_TAGS configuration and using insufficient input sanitization when saving job...

CVSS 4.4 | AI score 5 | EPSS 0.00032
Exploits: 0 | References: 8

EUVD
added 2025/12/10 3:23 a.m. | 2 views

EUVD-2025-202392

The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 4.9 | AI score 5.4 | EPSS 0.00047
Exploits: 0 | References: 5

RedhatCVE
added 2025/12/06 9:37 a.m. | 2 views

CVE-2025-13682

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVSS 4.4 | AI score 5 | EPSS 0.0002
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/06 5:54 a.m. | 2 views

CVE-2025-12124

The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | AI score 4.9 | EPSS 0.0002
Exploits: 0 | References: 1

EUVD
added 2025/12/05 9:27 a.m. | 1 view

EUVD-2025-201396

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVSS 4.4 | AI score 4.6 | EPSS 0.0002
Exploits: 0 | References: 3

Cvelist
added 2025/12/05 9:27 a.m. | 22 views

CVE-2025-13682 Trail Manager <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVSS 4.4 | EPSS 0.0002
Exploits: 0 | References: 2

CVE
added 2025/12/05 9:27 a.m. | 7 views

CVE-2025-13682

CVE-2025-13682 refers to a stored cross-site scripting vulnerability in the WordPress Trail Manager plugin (versions

CVSS 4.4 | AI score 4.7 | EPSS 0.0002
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/05 9:27 a.m. | 3 views

CVE-2025-13682 Trail Manager <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

CVSS 4.4 | AI score 4.7 | EPSS 0.0002
Exploits: 0 | References: 2

NVD
added 2025/12/05 7:16 a.m. | 3 views

CVE-2025-12186

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVSS 4.4 | EPSS 0.0002
Exploits: 0 | References: 2

NVD
added 2025/12/05 6:16 a.m. | 1 view

CVE-2025-12124

The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | EPSS 0.0002
Exploits: 0 | References: 2

EUVD
added 2025/12/05 6:7 a.m. | 1 view

EUVD-2025-201361

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVSS 4.4 | AI score 4.6 | EPSS 0.0002
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/05 6:7 a.m. | 1 view

CVE-2025-12186 Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

CVSS 4.4 | AI score 4.7 | EPSS 0.0002
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/05 5:31 a.m. | 0 views

CVE-2025-12124 FitVids for WordPress <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | AI score 4.6 | EPSS 0.0002
Exploits: 0 | References: 2