CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/01/06 11:1 p.m.•4 views

WordPress AI BotKit plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin AI BotKit versions = 1.1.7...

6.4CVSS5.8AI score0.00188EPSS

Patchstack•added 2026/01/06 10:49 p.m.•4 views

WordPress PhotoFade plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin PhotoFade versions = 0.2.1...

6.4CVSS5.8AI score0.00287EPSS

Patchstack•added 2025/12/31 12:0 a.m.•5 views

WordPress Ultimate Member plugin <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultimate Member versions = 2.11.0...

6.4CVSS5.9AI score0.0021EPSS

Patchstack•added 2025/12/31 12:0 a.m.•4 views

WordPress Easy Jump Links Menus plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Easy Jump Links Menus versions = 1.0.0...

6.4CVSS5.9AI score0.00198EPSS

NVD•added 2025/12/29 6:15 a.m.•1 views

CVE-2025-13958

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.9CVSS0.00143EPSS

Cvelist•added 2025/12/29 6:0 a.m.•25 views

CVE-2025-13958 YaMaps < 0.6.40 - Contributor+ Stored XSS

0.00143EPSS

EUVD•added 2025/12/29 6:0 a.m.•2 views

EUVD-2025-205552

5.9CVSS5AI score0.00143EPSS

Exploits0References3

Vulnrichment•added 2025/12/29 6:0 a.m.•1 views

CVE-2025-13958 YaMaps < 0.6.40 - Contributor+ Stored XSS

5.1AI score0.00143EPSS

CVE•added 2025/12/29 6:0 a.m.•15 views

CVE-2025-13958

CVE-2025-13958 relates to the YaMaps for WordPress Plugin prior to 0.6.40, which does not validate and escape certain shortcode attributes before output. This can enable a stored XSS condition in pages or posts where the shortcode is embedded if an attacker has the Contributor role or higher. Roo...

5.9CVSS5.1AI score0.00143EPSS

CNNVD•added 2025/12/29 12:0 a.m.•1 views

WordPress plugin YaMaps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.9CVSS5.8AI score0.00143EPSS

Exploits0References2

RedhatCVE•added 2025/12/22 3:23 a.m.•1 views

CVE-2025-13220

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

6.4CVSS5AI score0.0021EPSS

EUVD•added 2025/12/21 6:31 a.m.•3 views

EUVD-2025-204658

6.4CVSS4.7AI score0.0021EPSS

Exploits0References9

NVD•added 2025/12/21 4:16 a.m.•3 views

CVE-2025-13220

6.4CVSS0.0021EPSS

CVE•added 2025/12/21 3:20 a.m.•13 views

CVE-2025-13220

Summary of the CVE (CVE-2025-13220) : The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress (affected versions up to 2.11.0) is vulnerable to a Stored Cross-Site Scripting (XSS) via shortcode attributes. The root cause is ...

6.4CVSS4.7AI score0.0021EPSS

Cvelist•added 2025/12/21 3:20 a.m.•17 views

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.0021EPSS

Vulnrichment•added 2025/12/21 3:20 a.m.•2 views

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS4.7AI score0.0021EPSS

RedhatCVE•added 2025/12/16 2:49 p.m.•2 views

CVE-2025-13367

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...

6.4CVSS5AI score0.00273EPSS

Patchstack•added 2025/12/15 10:59 p.m.•6 views

WordPress User Registration & Membership plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Registration versions = 4.4.6...

6.4CVSS5.6AI score0.00273EPSS