CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8993 matches found

EUVD•added 2025/12/21 3:31 a.m.•4 views

EUVD-2025-204650

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...

4.4CVSS4.6AI score0.00199EPSS

Exploits0References6

EUVD•added 2025/12/21 3:31 a.m.•7 views

EUVD-2025-204649

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS6.5AI score0.0056EPSS

Exploits0References6

EUVD•added 2025/12/21 3:31 a.m.•5 views

EUVD-2025-204653

The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttontext' parameter of the 'wishsuitebutton' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00197EPSS

Exploits0References6

CVE•added 2025/12/21 3:20 a.m.•13 views

CVE-2025-13220

Summary of the CVE (CVE-2025-13220) : The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress (affected versions up to 2.11.0) is vulnerable to a Stored Cross-Site Scripting (XSS) via shortcode attributes. The root cause is ...

6.4CVSS4.7AI score0.0021EPSS

Exploits0References8

Cvelist•added 2025/12/21 3:20 a.m.•17 views

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input...

6.4CVSS0.0021EPSS

Exploits0References8

Vulnrichment•added 2025/12/21 3:20 a.m.•2 views

CVE-2025-13220 Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS4.7AI score0.0021EPSS

Exploits0References8

NVD•added 2025/12/21 3:15 a.m.•9 views

CVE-2025-14071

7.5CVSS0.0056EPSS

Exploits0References6

NVD•added 2025/12/21 3:15 a.m.•4 views

CVE-2025-14054

4.4CVSS0.00199EPSS

Exploits0References4

OSV•added 2025/12/21 3:15 a.m.•7 views

CVE-2025-14071

7.5CVSS6.9AI score

Exploits0References6

NVD•added 2025/12/21 3:15 a.m.•9 views

CVE-2025-13838

6.4CVSS0.00197EPSS

Exploits0References4

Vulnrichment•added 2025/12/21 2:20 a.m.•3 views

CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

4.4CVSS4.6AI score0.00199EPSS

Exploits0References4

Cvelist•added 2025/12/21 2:20 a.m.•16 views

CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

4.4CVSS0.00199EPSS

Exploits0References4

CVE•added 2025/12/21 2:20 a.m.•18 views

CVE-2025-13838

WishSuite – Wishlist for WooCommerce has a stored XSS in the button_text attribute of the wishsuite_button shortcode, affecting all versions up to and including 1.5.1. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject scripts that run in pages viewe...

6.4CVSS4.8AI score0.00197EPSS

Exploits0References4

Cvelist•added 2025/12/21 2:20 a.m.•13 views

CVE-2025-13838 WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

6.4CVSS0.00197EPSS

Exploits0References4

Positive Technologies•added 2025/12/21 12:0 a.m.•9 views

PT-2025-52572

Name of the Vulnerable Software and Affected Versions WishSuite versions up to and including 1.5.1 Description The WishSuite plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the 'button text' parameter of the...

6.4CVSS5.8AI score0.00197EPSS

Exploits0References9

RedhatCVE•added 2025/12/20 9:15 a.m.•6 views

CVE-2025-11747

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.9AI score0.00275EPSS

Exploits0References1

EUVD•added 2025/12/20 6:30 a.m.•3 views

EUVD-2025-204628

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.5CVSS4.7AI score0.00171EPSS

Exploits0References3

NVD•added 2025/12/20 4:16 a.m.•5 views

CVE-2025-14721

5.5CVSS0.00171EPSS

Exploits0References2

CVE•added 2025/12/20 3:20 a.m.•20 views

CVE-2025-14721

CVE-2025-14721 affects the WordPress plugin Responsive and Swipe Slider . It exposes a Stored Cross-Site Scripting (XSS) vulnerability via the plugin’s rsSlider shortcode in all versions up to and including 1.0.2, due to insufficient input sanitization and output escaping on user-supplied attribu...

5.5CVSS4.7AI score0.00171EPSS

Exploits0References2

Vulnrichment•added 2025/12/20 3:20 a.m.•2 views

CVE-2025-14721 Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

5.5CVSS4.7AI score0.00171EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by