CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/10/24 8:23 a.m.•3 views

CVE-2025-12096 Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.00176EPSS

EUVD•added 2025/10/24 8:23 a.m.•4 views

EUVD-2025-35814

6.4CVSS4.7AI score0.00176EPSS

Exploits0References3

CVE•added 2025/10/24 8:23 a.m.•18 views

CVE-2025-12096

CVE-2025-12096 affects the WordPress plugin Simple Excel Pricelist for WooCommerce (versions

6.4CVSS4.7AI score0.00176EPSS

Cvelist•added 2025/10/24 8:23 a.m.•8 views

CVE-2025-12096 Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00176EPSS

Positive Technologies•added 2025/10/24 12:0 a.m.•5 views

PT-2025-43602

Name of the Vulnerable Software and Affected Versions Simple Excel Pricelist for WooCommerce plugin for WordPress versions prior to 1.14 Description The Simple Excel Pricelist for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'pricelist' shortcode...

6.4CVSS5.3AI score0.00176EPSS

Exploits0References6

RedhatCVE•added 2025/10/23 3:14 p.m.•3 views

CVE-2025-49945

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through = 1.1...

7.1CVSS6.4AI score0.00283EPSS

RedhatCVE•added 2025/10/23 9:13 a.m.•6 views

CVE-2025-11819

The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

RedhatCVE•added 2025/10/23 9:13 a.m.•17 views

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

6.4CVSS5.1AI score0.00176EPSS

RedhatCVE•added 2025/10/23 9:13 a.m.•10 views

CVE-2025-10138

The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00214EPSS

RedhatCVE•added 2025/10/23 9:13 a.m.•11 views

CVE-2025-11804

The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00265EPSS

RedhatCVE•added 2025/10/23 9:13 a.m.•9 views

CVE-2025-11880

The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.2AI score0.00176EPSS

RedhatCVE•added 2025/10/23 9:13 a.m.•18 views

CVE-2025-11813

The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...

RedhatCVE•added 2025/10/23 9:13 a.m.•9 views

CVE-2025-11817

The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableau' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

RedhatCVE•added 2025/10/23 9:13 a.m.•9 views

CVE-2025-11811

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

RedhatCVE•added 2025/10/23 9:13 a.m.•7 views

CVE-2025-11830

The WP Restaurant Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter of the restaurantsummary shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00176EPSS

RedhatCVE•added 2025/10/23 9:13 a.m.•8 views

CVE-2025-11809

The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in all versions up to, and including, 1.8. This is due to insufficient input sanitization and output escaping on the 'class' attribute. This makes it possible for authenticated...

6.4CVSS5AI score0.00213EPSS