WordPress The Tooltip plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin The Tooltip versions <= 1.0.2...
WordPress WP Popup Magic plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Popup Magic versions <= 1.0.0...
WordPress Nearby Now Reviews plugin <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Nearby Now Reviews versions <= 5.2...
WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin User Registration versions <= 4.4.9...
WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin GiveWP versions <= 4.13.1...
CVE-2025-14552
The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-14835
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14626
The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.42 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-14147
The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-14145
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-14121
The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-14122
The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2025-14053
The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-13841
The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...
CVE-2019-16523
The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...
CVE-2025-14122
CVE-2025-14122 concerns the AD Sliding FAQ plugin for WordPress. The connected Wordfence report confirms a stored XSS vulnerability via the sliding_faq shortcode, affecting all versions up to and including 2.4, caused by insufficient input sanitization and output escaping on user-supplied attribu...
CVE-2025-14122 AD Sliding FAQ <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2025-14121
CVE-2025-14121 affects the WordPress plugin EDD Download Info (EDD Download Info). Affected versions: all up to 1.1. Root cause: insufficient input sanitization and output escaping in the shortcode attribute edd_download_info_link. Impact: Stored Cross-Site Scripting enabling authenticated attac...
CVE-2025-14121 EDD Download Info <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...