CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/11/01 6:30 a.m.•1 views

EUVD-2025-37411

4.4CVSS4.6AI score0.00022EPSS

Exploits0References3

EUVD•added 2025/11/01 6:30 a.m.•2 views

EUVD-2025-37414

The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS4.5AI score0.00028EPSS

Exploits0References6

NVD•added 2025/11/01 5:16 a.m.•2 views

CVE-2025-11927

4.4CVSS0.00028EPSS

Vulnrichment•added 2025/11/01 4:27 a.m.•1 views

CVE-2025-11927 Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS4.6AI score0.00028EPSS

Cvelist•added 2025/11/01 4:27 a.m.•5 views

CVE-2025-11927 Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00028EPSS

CVE•added 2025/11/01 4:27 a.m.•4 views

CVE-2025-11927

CVE-2025-11927 – Flying Images plugin (WordPress) is affected in versions up to 2.4.14. The vulnerability is an authenticated (Admin+) Stored Cross-Site Scripting flaw in admin settings caused by insufficient input sanitization and output escaping. Successful exploitation enables an attacker with...

4.4CVSS4.6AI score0.00028EPSS

NVD•added 2025/11/01 4:16 a.m.•2 views

CVE-2025-11928

4.4CVSS0.00022EPSS

CVE•added 2025/11/01 3:34 a.m.•9 views

CVE-2025-11928

CVE-2025-11928 refers to a stored cross-site scripting flaw in the WordPress plugin “CSS & JavaScript Toolbox” (versions

4.4CVSS4.7AI score0.00022EPSS

Vulnrichment•added 2025/11/01 3:34 a.m.•1 views

CVE-2025-11928 CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS4.7AI score0.00022EPSS

Cvelist•added 2025/11/01 3:34 a.m.•4 views

CVE-2025-11928 CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00022EPSS

Positive Technologies•added 2025/11/01 12:0 a.m.•2 views

PT-2025-44704

Name of the Vulnerable Software and Affected Versions The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress versions prior to 2.4.15 Description The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitizati...

4.4CVSS5.2AI score0.00028EPSS

Exploits0References11

Positive Technologies•added 2025/11/01 12:0 a.m.•2 views

PT-2025-44701

Name of the Vulnerable Software and Affected Versions CSS & JavaScript Toolbox versions prior to 12.0.6 Description The CSS & JavaScript Toolbox plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows...

4.4CVSS5.3AI score0.00022EPSS

Exploits0References8

RedhatCVE•added 2025/10/31 6:12 a.m.•5 views

CVE-2025-10636

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.3AI score0.00022EPSS

EUVD•added 2025/10/30 6:30 a.m.•1 views

EUVD-2025-36903

3.5CVSS4.9AI score0.00022EPSS

Exploits0References3

NVD•added 2025/10/30 6:15 a.m.•2 views

CVE-2025-10636

3.5CVSS0.00022EPSS

Cvelist•added 2025/10/30 6:0 a.m.•4 views

CVE-2025-10636 NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS

0.00022EPSS

Vulnrichment•added 2025/10/30 6:0 a.m.•2 views

CVE-2025-10636 NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS

5AI score0.00022EPSS

CVE•added 2025/10/30 6:0 a.m.•6 views

CVE-2025-10636

The WordPress plugin NS Maintenance Mode for WP (versions up to 1.3.1) has a stored XSS flaw due to insufficient sanitization/escaping of certain settings, which could let high-privilege users (e.g., admins) inject scripts even when unfiltered_html is disallowed (multisite scenarios). PTSecurity/...

3.5CVSS5AI score0.00022EPSS