CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/10/03 11:17 a.m.•12 views

CVE-2025-9129

CVE-2025-9129 describes a Stored Cross-Site Scripting flaw in the WordPress Flexi plugin (up to version 4.28) via the flexi-form-tag shortcode. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-...

Vulnrichment•added 2025/10/03 11:17 a.m.•2 views

CVE-2025-9859 Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Cvelist•added 2025/10/03 11:17 a.m.•6 views

CVE-2025-9199 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection

The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

6.5CVSS0.00033EPSS

Vulnrichment•added 2025/10/03 11:17 a.m.•1 views

CVE-2025-9199 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection

6.5CVSS5.9AI score0.00033EPSS

Vulnrichment•added 2025/10/03 11:17 a.m.•0 views

CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE•added 2025/10/03 11:17 a.m.•11 views

CVE-2025-10192

CVE-2025-10192 – WP Photo Effects (WordPress) is an authenticated Stored XSS vulnerability in the wppe_effect shortcode affecting all versions up to 1.2.4. The issue arises from insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing an attacker with co...

CVE•added 2025/10/03 11:17 a.m.•11 views

CVE-2025-9876

CVE-2025-9876 affects the WordPress Ird Slider plugin (versions ≤ 1.0.2). It is a stored XSS due to insufficient input sanitization and output escaping on the irdslider shortcode attributes, exploitable by authenticated attackers with contributor-level access or higher. The impact is arbitrary sc...

6.4CVSS4.7AI score0.00038EPSS

Cvelist•added 2025/10/03 11:17 a.m.•6 views

CVE-2025-9198 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection

The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00033EPSS

NVD•added 2025/09/30 11:37 a.m.•1 views

CVE-2025-9852

The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS0.00035EPSS

NVD•added 2025/09/30 11:37 a.m.•1 views

CVE-2025-10191

The Big Post Shipping for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wooboigpostshippingstatus' shortcode in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00043EPSS

Exploits0References4

NVD•added 2025/09/30 11:37 a.m.•2 views

CVE-2025-10182

The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dbview' shortcode in all versions up to, and including, 0.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS0.00035EPSS