CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8980 matches found

Positive Technologies•added 2025/01/18 12:0 a.m.•2 views

PT-2025-2171 · WordPress · Utilities For Mtg

Name of the Vulnerable Software and Affected Versions: Utilities for MTG plugin for WordPress versions up to, and including, 1.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mtglink' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.00266EPSS

Exploits0References6

CNNVD•added 2025/01/18 12:0 a.m.•2 views

WordPress plugin JSM Screenshot Machine Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS7.7AI score0.00325EPSS

Exploits0References4

Positive Technologies•added 2025/01/18 12:0 a.m.•4 views

PT-2025-2149 · WordPress · The Rate Star Review Vote – Ajax Reviews

Name of the Vulnerable Software and Affected Versions: The Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper reviews' shortcode due to...

6.4CVSS7.9AI score0.00338EPSS

Exploits0References7

Patchstack•added 2025/01/18 12:0 a.m.•2 views

WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Weaver Themes Shortcode Compatibility versions = 1.0.4...

6.5CVSS6.1AI score0.00206EPSS

Exploits0Affected Software1

Patchstack•added 2025/01/18 12:0 a.m.•2 views

WordPress Related Post Shortcode Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Pham Ngoc Duy Patchstack Alliance in WordPress Plugin Related Post Shortcode versions = 1.2...

5.9CVSS6.1AI score0.0021EPSS

Exploits0Affected Software1

Positive Technologies•added 2025/01/18 12:0 a.m.•2 views

PT-2025-3706 · WordPress · List Category Posts

Name of the Vulnerable Software and Affected Versions: List category posts WordPress plugin versions prior to 0.90.3 Description: The issue concerns the List category posts WordPress plugin, where versions prior to 0.90.3 do not validate and escape some of its shortcode attributes before outputti...

5.4CVSS8.3AI score0.00313EPSS

Exploits1References9

Positive Technologies•added 2025/01/18 12:0 a.m.•3 views

PT-2025-2148 · WordPress · Micropayments – Fans Paysite

Name of the Vulnerable Software and Affected Versions: MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress versions up to, and including, 2.9.29 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper...

6.4CVSS7.8AI score0.00272EPSS

Exploits0References7

Positive Technologies•added 2025/01/18 12:0 a.m.•4 views

PT-2025-2150 · WordPress · Video Share Vod – Turnkey Video Site Builder Script

Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions up to, and including, 2.6.31 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper videos' shortcode due to insufficie...

6.4CVSS7.7AI score0.0033EPSS

Exploits0References7

Patchstack•added 2025/01/17 9:3 p.m.•3 views

WordPress JSM Screenshot Machine Shortcode plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin JSM Screenshot Machine Shortcode versions = 2.3.0...

6.4CVSS5.7AI score0.00325EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/01/17 12:0 a.m.•3 views

PT-2025-2154 · WordPress · Checkout For Paypal

Name of the Vulnerable Software and Affected Versions: Checkout for PayPal plugin for WordPress versions up to, and including, 1.0.32 Description: The issue is related to Stored Cross-Site Scripting via the plugin's checkout for paypal shortcode due to insufficient input sanitization and output...

6.4CVSS7.9AI score0.00272EPSS

Exploits0References7

Positive Technologies•added 2025/01/17 12:0 a.m.•5 views

PT-2025-2157 · WordPress · Payment Button For Paypal

Name of the Vulnerable Software and Affected Versions: Payment Button for PayPal plugin for WordPress versions up to, and including, 1.2.3.35 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wp paypal checkout shortcode. Thi...

6.4CVSS9.2AI score0.0034EPSS

Exploits1References9

NVD•added 2025/01/16 9:15 p.m.•11 views

CVE-2025-23943

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aruvi PDF.js Shortcode pdfjs-shortcode allows Stored XSS.This issue affects PDF.js Shortcode: from n/a through = 1.0...

6.5CVSS0.0022EPSS

Exploits0References1

NVD•added 2025/01/16 9:15 p.m.•24 views

CVE-2025-23946

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Le-Pixel-Solitaire Enhanced YouTube Shortcode enhanced-youtube-shortcode allows Stored XSS.This issue affects Enhanced YouTube Shortcode: from n/a through = 2.0.1...

6.5CVSS0.0022EPSS

Exploits0References1

NVD•added 2025/01/16 9:15 p.m.•12 views

CVE-2025-23896

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thom4 Mindmeister Shortcode mindmeister-shortcode allows DOM-Based XSS.This issue affects Mindmeister Shortcode: from n/a through = 1.0...

6.5CVSS0.00357EPSS

Exploits0References1

NVD•added 2025/01/16 9:15 p.m.•15 views

CVE-2025-23893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Manny Costales GMap Shortcode gmap-shortcode allows DOM-Based XSS.This issue affects GMap Shortcode: from n/a through = 2.0...

6.5CVSS0.00357EPSS

Exploits0References1

NVD•added 2025/01/16 9:15 p.m.•4 views

CVE-2025-23825

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osuthorpe Easy Shortcode Buttons easy-shortcode-buttons allows Stored XSS.This issue affects Easy Shortcode Buttons: from n/a through = 1.2...

6.5CVSS0.00272EPSS

Exploits0References1

ATTACKERKB•added 2025/01/16 8:15 p.m.•2 views

CVE-2025-23642

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pflonk Sidebar-Content from Shortcode sidebar-content-from-shortcode allows DOM-Based XSS.This issue affects Sidebar-Content from Shortcode: from n/a through = 2.0...

7.2AI score0.00334EPSS

Exploits0References3

NVD•added 2025/01/16 8:15 p.m.•3 views

CVE-2025-23642

6.5CVSS0.00334EPSS

Exploits0References1

NVD•added 2025/01/16 8:15 p.m.•3 views

CVE-2025-23618

Cross-Site Request Forgery CSRF vulnerability in starise Twitter Shortcode twitter-shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through = 0.9...

7.1CVSS0.00184EPSS

Exploits0References1

NVD•added 2025/01/16 8:15 p.m.•4 views

CVE-2025-23569

Cross-Site Request Forgery CSRF vulnerability in Kelvin Ng Shortcode in Comment shortcode-in-comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through = 1.1.1...

7.1CVSS0.00184EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by