Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3443 matches found

CVE
CVEadded 2025/11/04 2:25 p.m.9 views

CVE-2025-12184

CVE-2025-12184 affects the WordPress MeetingList plugin (versions up to and including 0.11). The vulnerability is a Stored Cross-Site Scripting flaw in admin/settings handling, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access with Administr...

4.4CVSS4.7AI score0.00022EPSS
Exploits0References2
EUVD
EUVDadded 2025/11/04 2:25 p.m.3 views

EUVD-2025-37761

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS4.6AI score0.00022EPSS
Exploits0References2
NVD
NVDadded 2025/11/04 5:16 a.m.3 views

CVE-2025-12371

The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS0.00022EPSS
Exploits0References2
NVD
NVDadded 2025/11/04 5:16 a.m.2 views

CVE-2025-12065

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticonjsscript' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS0.00024EPSS
Exploits0References2
NVD
NVDadded 2025/11/04 5:16 a.m.3 views

CVE-2025-11753

The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00022EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/11/04 4:27 a.m.5 views

CVE-2025-12396 Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00022EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/04 4:27 a.m.4 views

CVE-2025-12396 Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS4.7AI score0.00022EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/04 4:27 a.m.6 views

CVE-2025-11753 Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.7AI score0.00022EPSS
Exploits0References3
CVE
CVEadded 2025/11/04 4:27 a.m.9 views

CVE-2025-11753

CVE-2025-11753 : WordPress plugin Bootstrap Multi-language Responsive Portfolio is vulnerable to Stored Cross-Site Scripting via admin settings. Affected versions are those up to and including 1.0; the issue requires authenticated admin+ access and occurs in multisite installations or where unfil...

4.4CVSS4.7AI score0.00022EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/11/04 4:27 a.m.9 views

CVE-2025-11753 Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00022EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/11/04 4:27 a.m.4 views

CVE-2025-12065 WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticonjsscript' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS0.00024EPSS
Exploits0References2
CVE
CVEadded 2025/11/04 4:27 a.m.8 views

CVE-2025-12065

CVE-2025-12065 affects the WP Carticon WordPress plugin. The vulnerability is a stored cross-site scripting (XSS) via the carticon_js_script parameter in all versions up to and including 1.0.0, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admi...

4.4CVSS4.7AI score0.00024EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/04 4:27 a.m.2 views

CVE-2025-12371 Nari Accountant <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting

The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS4.7AI score0.00022EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/04 4:27 a.m.1 views

CVE-2025-12065 WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticonjsscript' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS4.7AI score0.00024EPSS
Exploits0References2
CVE
CVEadded 2025/11/04 4:27 a.m.11 views

CVE-2025-12393

CVE-2025-12393 affects the WordPress plugin Free Quotation up to version 3.1.6. It is a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping in admin settings. Exploitation requires authentication at administrator level or higher, and affec...

4.4CVSS4.7AI score0.00022EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/11/04 4:27 a.m.5 views

CVE-2025-12393 Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00022EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/04 4:27 a.m.3 views

CVE-2025-12393 Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS4.7AI score0.00022EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/11/04 12:0 a.m.2 views

PT-2025-44949

The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

4.4CVSS5AI score0.00022EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/11/04 12:0 a.m.4 views

PT-2025-44938

Name of the Vulnerable Software and Affected Versions Bootstrap Multi-language Responsive Portfolio versions prior to 1.0 Description The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input...

4.4CVSS5.3AI score0.00022EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2025/11/04 12:0 a.m.2 views

PT-2025-44942

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticon js script' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5AI score0.00024EPSS
Exploits0References3
Rows per page
Query Builder