CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2025/11/11 12:0 a.m.•3 views

PT-2025-46281

Name of the Vulnerable Software and Affected Versions RandomQuotr versions prior to 1.0.5 Description The RandomQuotr plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers with...

5.5CVSS5.2AI score0.00027EPSS

Positive Technologies•added 2025/11/10 12:0 a.m.•3 views

PT-2025-46241

Name of the Vulnerable Software and Affected Versions Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress versions prior to 2.0.1 Description The Double the Donation plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin...

4.9CVSS5.2AI score0.00024EPSS

Exploits0References8

RedhatCVE•added 2025/11/09 3:57 a.m.•4 views

CVE-2025-12125

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.8AI score0.00022EPSS

RedhatCVE•added 2025/11/08 7:41 a.m.•4 views

CVE-2025-12520

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, wit...

4CVSS4.8AI score0.00025EPSS

EUVD•added 2025/11/08 6:30 a.m.•1 views

EUVD-2025-38350

4.4CVSS4.5AI score0.00022EPSS

Exploits0References3

Cvelist•added 2025/11/08 3:27 a.m.•5 views

CVE-2025-12125 HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00022EPSS

CVE•added 2025/11/08 3:27 a.m.•16 views

CVE-2025-12125

CVE-2025-12125 corresponds to a Stored Cross-Site Scripting vulnerability in the WordPress plugin HTML Forms – Simple WordPress Forms Plugin. The issue arises from insufficient input sanitization and output escaping in admin settings, making authenticated attackers with administrator-level permis...

4.4CVSS4.6AI score0.00022EPSS

NVD•added 2025/11/07 6:15 a.m.•5 views

CVE-2025-12520

4CVSS0.00025EPSS

CVE•added 2025/11/07 5:29 a.m.•22 views

CVE-2025-12520

The CVE-2025-12520 entry refers to a Stored Cross-Site Scripting vulnerability in the WordPress WP Airbnb Review Slider plugin (versions ≤ 4.2). The root cause is insufficient URL validation that allows loading a malicious HTML file, enabling authenticated attackers with administrator-level privi...

4CVSS4.6AI score0.00025EPSS

Vulnrichment•added 2025/11/07 5:29 a.m.•2 views

CVE-2025-12520 WP Airbnb Review Slider <= 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4CVSS4.6AI score0.00025EPSS

Positive Technologies•added 2025/11/07 12:0 a.m.•3 views

PT-2025-45409

Name of the Vulnerable Software and Affected Versions WP Airbnb Review Slider plugin for WordPress versions up to and including 4.2 Description The WP Airbnb Review Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient URL validation allows...

4CVSS5.1AI score0.00025EPSS

Exploits0References9

RedhatCVE•added 2025/11/05 3:7 p.m.•2 views

CVE-2025-12184

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5AI score0.00022EPSS

RedhatCVE•added 2025/11/05 5:8 a.m.•1 views

CVE-2025-12065

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticonjsscript' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS4.9AI score0.00024EPSS

RedhatCVE•added 2025/11/05 5:8 a.m.•2 views

CVE-2025-12371

The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

RedhatCVE•added 2025/11/05 5:8 a.m.•3 views

CVE-2025-12393

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

RedhatCVE•added 2025/11/05 5:8 a.m.•3 views

CVE-2025-11753

The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

RedhatCVE•added 2025/11/05 5:8 a.m.•3 views

CVE-2025-12396

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

NVD•added 2025/11/04 3:15 p.m.•2 views

CVE-2025-12184

4.4CVSS0.00022EPSS

Cvelist•added 2025/11/04 2:25 p.m.•3 views

CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00022EPSS