CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/25 9:32 a.m.•1 views

EUVD-2025-35930

4.4CVSS4.6AI score0.00021EPSS

Exploits0References4

RedhatCVE•added 2025/10/25 8:29 a.m.•3 views

CVE-2025-12016

The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qnotsquizcustomstarttext' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5AI score0.00023EPSS

NVD•added 2025/10/25 7:15 a.m.•4 views

CVE-2025-12034

4.4CVSS0.00021EPSS

Cvelist•added 2025/10/25 6:49 a.m.•6 views

CVE-2025-12034 Fast Velocity Minify <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00021EPSS

Vulnrichment•added 2025/10/25 6:49 a.m.•5 views

CVE-2025-12034 Fast Velocity Minify <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS4.6AI score0.00021EPSS

Positive Technologies•added 2025/10/25 12:0 a.m.•3 views

PT-2025-43724

Name of the Vulnerable Software and Affected Versions Fast Velocity Minify versions prior to 3.5.1 Description The Fast Velocity Minify plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticate...

4.4CVSS5.3AI score0.00021EPSS

Exploits0References7

NVD•added 2025/10/24 9:15 a.m.•2 views

CVE-2025-12016

4.4CVSS0.00023EPSS

Cvelist•added 2025/10/24 8:23 a.m.•3 views

CVE-2025-12016 qnotsquiz <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00023EPSS

EUVD•added 2025/10/24 8:23 a.m.•1 views

EUVD-2025-35823

4.4CVSS4.6AI score0.00023EPSS

CVE•added 2025/10/24 8:23 a.m.•8 views

CVE-2025-12016

CVE-2025-12016 concerns the WordPress plugin qnotsquiz. The Wordfence intelligence entry details a stored cross-site scripting vulnerability in versions up to 1.0.0, caused by insufficient input sanitization and output escaping of the qnotsquiz_custom_start_text parameter. It states that authenti...

4.4CVSS4.7AI score0.00023EPSS

Vulnrichment•added 2025/10/24 8:23 a.m.•3 views

CVE-2025-12016 qnotsquiz <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS4.7AI score0.00023EPSS

Positive Technologies•added 2025/10/24 12:0 a.m.•2 views

PT-2025-43598

Name of the Vulnerable Software and Affected Versions qnotsquiz plugin for WordPress versions prior to 1.0.1 Description The qnotsquiz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the qnotsquiz custom start text parameter. Insufficient input sanitization and output...

4.4CVSS5.3AI score0.00023EPSS

Exploits0References6

RedhatCVE•added 2025/10/23 3:14 p.m.•2 views

CVE-2025-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Globalis MultiSite Clone Duplicator multisite-clone-duplicator allows Reflected XSS.This issue affects MultiSite Clone Duplicator: from n/a through = 1.5.3...

7.1CVSS6.4AI score0.00075EPSS

RedhatCVE•added 2025/10/23 6:59 a.m.•2 views

CVE-2025-12033

The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'proversionactivationcode' parameter in all versions up to, and including, 3.0.10 due to insufficient inp...

4.4CVSS5AI score0.00023EPSS

EUVD•added 2025/10/22 3:31 p.m.•2 views

EUVD-2025-35476

5.9AI score0.00075EPSS

NVD•added 2025/10/22 3:15 p.m.•7 views

CVE-2025-52760

7.1CVSS0.00075EPSS