Lucene search

6236 matches found

CNNVD
added 2025/12/16 12:0 a.m. | 1 views

WordPress plugin User Avatar - Reloaded Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 6.5 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 1
Cvelist
added 2025/12/15 8:28 p.m. | 16 views

CVE-2023-53891 Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...

CVSS 5.1 | EPSS 0.00024
Exploits: 1 | References: 3
OSV
added 2025/12/15 4:15 p.m. | 2 views

CVE-2025-66843

grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...

CVSS 5.4 | AI score 5.4
Exploits: 0 | References: 1
NVD
added 2025/12/15 4:15 p.m. | 3 views

CVE-2025-14387

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

CVSS 6.4 | EPSS 0.00032
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51300

Name of the Vulnerable Software and Affected Versions: JLex GuestBook version 1.6.4. Description: The software contains a reflected cross-site scripting issue in the q URL parameter. This allows attackers to inject malicious scripts. Attackers can create malicious links with XSS payloads to...

CVSS 5.1 | AI score 6.2 | EPSS 0.00052
Exploits: 0 | References: 6
RedhatCVE
added 2025/12/14 8:45 a.m. | 11 views

CVE-2025-8199

The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5 | EPSS 0.00031
Exploits: 0 | References: 1
EUVD
added 2025/12/13 6:30 p.m. | 3 views

EUVD-2025-203253

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious...

CVSS 8.4 | AI score 5.2 | EPSS 0.00028
Exploits: 0 | References: 2
CVE
added 2025/12/13 8:21 a.m. | 14 views

CVE-2025-9856

The CVE-2025-9856 entry concerns the Popup Builder – Create highly converting, mobile friendly marketing popups. WordPress plugin. Public details from Wordfence indicate a Stored Cross-Site Scripting (XSS) vulnerability in the sg_popup shortcode, arising from insufficient input sanitization and o...

CVSS 6.4 | AI score 4.7 | EPSS 0.00037
Exploits: 0 | References: 4
Patchstack
added 2025/12/12 11:19 p.m. | 4 views

WordPress Colibri Page Builder plugin <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Colibri Page Builder versions <= 1.0.335...

CVSS 6.4 | AI score 5.3 | EPSS 0.00032
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/12/12 4:15 a.m. | 1 views

CVE-2025-13969

The Reviews Sorted plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'space' parameter of the reviews-slider shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVSS 6.4 | EPSS 0.00081
Exploits: 0 | References: 11
Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50845

The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5 | EPSS 0.00032
Exploits: 0 | References: 7
RedhatCVE
added 2025/12/11 7:1 p.m. | 5 views

CVE-2025-64598

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5.5 | EPSS 0.00025
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/11 7:1 p.m. | 2 views

CVE-2025-64881

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5.6 | EPSS 0.00025
Exploits: 0 | References: 1
EUVD
added 2025/12/10 9:31 p.m. | 1 views

EUVD-2025-202566

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5 | EPSS 0.00025
Exploits: 0 | References: 2
EUVD
added 2025/12/10 9:31 p.m. | 1 views

EUVD-2025-202477

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5 | EPSS 0.00025
Exploits: 0 | References: 2
EUVD
added 2025/12/10 9:31 p.m. | 2 views

EUVD-2025-202502

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5 | EPSS 0.00025
Exploits: 0 | References: 2
EUVD
added 2025/12/10 9:31 p.m. | 2 views

EUVD-2025-202544

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5 | EPSS 0.00025
Exploits: 0 | References: 2
EUVD
added 2025/12/10 9:31 p.m. | 1 views

EUVD-2025-202496

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5 | EPSS 0.00025
Exploits: 0 | References: 2
NVD
added 2025/12/10 7:16 p.m. | 1 views

CVE-2025-64840

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | EPSS 0.00025
Exploits: 0 | References: 1
OSV
added 2025/12/10 7:16 p.m. | 2 views

CVE-2025-64822

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 1