CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8983 matches found

CVE•added 2025/09/12 3:22 a.m.•26 views

CVE-2025-9879

CVE-2025-9879 affects the Spotify Embed Creator WordPress plugin (versions

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

Cvelist•added 2025/09/12 3:22 a.m.•10 views

CVE-2025-9879 Spotify Embed Creator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Spotify Embed Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotify' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0018EPSS

Exploits0References2

CNVD•added 2025/09/12 12:0 a.m.•1 views

WordPress Testimonial Plugin SQL Injection Vulnerability

WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...

6.5CVSS8.1AI score0.00258EPSS

Exploits0References1

CNVD•added 2025/09/12 12:0 a.m.•1 views

WordPress MyBrain Utilities plugin cross-site scripting vulnerability

WordPress MyBrain Utilities plugin is a plugin for enhancing the functionality of your website, mainly for optimizing the performance and user experience. A cross-site scripting vulnerability exists in the WordPress MyBrain Utilities plugin that stems from insufficient input cleanup and output...

6.4CVSS5.9AI score0.00216EPSS

Exploits0References1

CNVD•added 2025/09/12 12:0 a.m.•1 views

WordPress Heateor Login plugin cross-site scripting vulnerability

WordPress Heateor Login plugin is a social login plugin for WordPress, which supports users to realize one-click login and registration function through 23 social networks such as Facebook, Twitter, LinkedIn, Google and so on. A cross-site scripting vulnerability exists in the WordPress Heateor...

6.4CVSS5.9AI score0.00216EPSS

Exploits0References1

CNVD•added 2025/09/12 12:0 a.m.•3 views

WordPress Evenium plugin cross-site scripting vulnerability

The Evenium plugin is an event management tool for the WordPress platform for creating and integrating Evenium meeting management features. Evenium plugin version 1.3.11 and prior versions suffer from a stored XSS vulnerability that stems from insufficient filtering of shortcode user input...

6.4CVSS6.5AI score0.0018EPSS

Exploits0References1

Positive Technologies•added 2025/09/12 12:0 a.m.•5 views

PT-2025-37282

Name of the Vulnerable Software and Affected Versions: Spotify Embed Creator plugin for WordPress versions up to and including 1.0.5 Description: The Spotify Embed Creator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s spotify shortcode. Insufficient input...

6.4CVSS5AI score0.0018EPSS

Exploits0References5

Positive Technologies•added 2025/09/12 12:0 a.m.•7 views

PT-2025-37281

Name of the Vulnerable Software and Affected Versions: Embed Google Datastudio plugin for WordPress versions prior to 1.0.1 Description: The Embed Google Datastudio plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s egds shortcode. Insufficient input...

6.4CVSS5.1AI score0.0018EPSS

Exploits0References5

NVD•added 2025/09/11 8:15 a.m.•5 views

CVE-2025-9860

The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS0.0018EPSS

Exploits0References2

NVD•added 2025/09/11 8:15 a.m.•19 views

CVE-2025-8686

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0028EPSS

Exploits0References4

NVD•added 2025/09/11 8:15 a.m.•9 views

CVE-2025-8721

The Workable Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's workablejobs shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00271EPSS

Exploits0References3

NVD•added 2025/09/11 8:15 a.m.•18 views

CVE-2025-8398

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00216EPSS

Exploits0References3

Cvelist•added 2025/09/11 7:25 a.m.•6 views

CVE-2025-8398 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode

6.4CVSS0.00216EPSS

Exploits0References3

Vulnrichment•added 2025/09/11 7:25 a.m.•1 views

CVE-2025-8398 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode

6.4CVSS4.7AI score0.00216EPSS

Exploits0References3

Cvelist•added 2025/09/11 7:25 a.m.•25 views

CVE-2025-9855 Enhanced BibliPlug <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting

The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplugauthors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0018EPSS

Exploits0References2

Vulnrichment•added 2025/09/11 7:25 a.m.•1 views

CVE-2025-9855 Enhanced BibliPlug <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

Cvelist•added 2025/09/11 7:24 a.m.•7 views

CVE-2025-9860 Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.0018EPSS

Exploits0References2

Vulnrichment•added 2025/09/11 7:24 a.m.•3 views

CVE-2025-9860 Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

CVE•added 2025/09/11 7:24 a.m.•21 views

CVE-2025-9860

The WordPress Mixtape plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the mixtape shortcode in all versions up to 1.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contributor-level access or...

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

CVE•added 2025/09/11 7:24 a.m.•19 views

CVE-2025-9874

CVE-2025-9874 : The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...

7.5CVSS6.8AI score0.00545EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by