CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8994 matches found

Vulnrichment•added 2025/12/17 4:31 a.m.•2 views

CVE-2025-14385 WP Recipe Maker <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 10.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-roundup-item shortcode. This makes ...

6.4CVSS4.8AI score0.00279EPSS

Exploits0References5

EUVD•added 2025/12/17 4:31 a.m.•3 views

EUVD-2025-203869

6.4CVSS4.7AI score0.00279EPSS

Exploits0References6

Cvelist•added 2025/12/17 4:31 a.m.•27 views

CVE-2025-14385 WP Recipe Maker <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00279EPSS

Exploits0References5

CVE•added 2025/12/17 4:31 a.m.•15 views

CVE-2025-14385

CVE-2025-14385 (WP Recipe Maker) : The WordPress plugin WP Recipe Maker is vulnerable to Stored Cross‑Site Scripting via the name attribute in the wprm-recipe-roundup-item shortcode in all versions up to 10.2.3. The vulnerability can be exploited by an authenticated attacker with Contributor-leve...

6.4CVSS4.8AI score0.00279EPSS

Exploits0References5

Positive Technologies•added 2025/12/17 12:0 a.m.•5 views

PT-2025-51812

Name of the Vulnerable Software and Affected Versions WP Recipe Maker plugin for WordPress versions up to and including 10.2.3 Description The WP Recipe Maker plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00279EPSS

Exploits0References11

Patchstack•added 2025/12/16 11:4 p.m.•5 views

WordPress WP Recipe Maker plugin <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Abhinav Jaswal wrathexe - Self employed in WordPress Plugin WP Recipe Maker versions = 10.2.3...

6.4CVSS5.6AI score0.00279EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/12/16 2:49 p.m.•5 views

CVE-2025-13610

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RMForms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input sanitization and output...

6.4CVSS4.9AI score0.00159EPSS

Exploits0References1

RedhatCVE•added 2025/12/16 2:49 p.m.•4 views

CVE-2025-13608

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'childpages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attributes usecustomlink, usecustomlinktarget,...

6.4CVSS4.9AI score0.00155EPSS

Exploits0References1

RedhatCVE•added 2025/12/16 2:49 p.m.•4 views

CVE-2025-13367

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...

6.4CVSS5AI score0.00273EPSS

Exploits0References1

RedhatCVE•added 2025/12/16 2:49 p.m.•4 views

CVE-2025-13728

The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fluentauthresetpassword shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping o...

6.4CVSS4.9AI score0.00155EPSS

Exploits0References1

Patchstack•added 2025/12/16 12:49 p.m.•5 views

WordPress HelloLeads CRM Form Shortcode plugin <= 1.0 - Unauthenticated Settings Reset vulnerability

Unauthenticated Settings Reset vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin HelloLeads CRM Form Shortcode versions = 1.0...

5.3CVSS6.7AI score0.00117EPSS

Exploits0References1Affected Software1

CNVD•added 2025/12/16 12:0 a.m.•3 views

WordPress Widgets For Google Reviews Cross-Site Scripting Vulnerability

WordPress Widgets For Google Reviews is a category of WordPress plugins designed to help webmasters easily display Google Business Reviews Google reviews on their websites. WordPress Widgets For Google Reviews suffers from a cross-site scripting vulnerability that stems from stored cross-site...

6.4CVSS5.9AI score0.00221EPSS

Exploits0References1

Patchstack•added 2025/12/15 11:2 p.m.•4 views

WordPress FluentAuth - Auth Security Plugin plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode vulnerability

WordPress FluentAuth - Auth Security Plugin plugin = 2.0.3 - Authenticated Contributor+ Stored Cross-Site Scripting via 'fluentauthresetpassword' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FluentAuth – The Ultimate Authorization & Security Plugin for WordPress...

6.4CVSS5.6AI score0.00155EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/15 11:0 p.m.•7 views

WordPress CC Child Pages plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'childpages' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.0.0...

6.4CVSS5.6AI score0.00155EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/12/15 10:59 p.m.•6 views

WordPress User Registration & Membership plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Registration versions = 4.4.6...

6.4CVSS5.6AI score0.00273EPSS

Exploits0References1Affected Software1

NVD•added 2025/12/15 3:15 p.m.•6 views

CVE-2025-13367

6.4CVSS0.00273EPSS

Exploits0References3

NVD•added 2025/12/15 3:15 p.m.•3 views

CVE-2025-13728

6.4CVSS0.00155EPSS

Exploits0References2

Vulnrichment•added 2025/12/15 2:25 p.m.•2 views

CVE-2025-13728 FluentAuth - Auth Security Plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode

6.4CVSS4.7AI score0.00155EPSS

Exploits0References2

EUVD•added 2025/12/15 2:25 p.m.•4 views

EUVD-2025-203364

6.4CVSS4.6AI score0.00155EPSS

Exploits0References3

CVE•added 2025/12/15 2:25 p.m.•15 views

CVE-2025-13610

CVE-2025-13610 affects the RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login WordPress plugin. The vulnerability is a stored Cross-Site Scripting via the RM_Forms shortcode due to insufficient input sanitization and output escaping of the theme attribute, e...

6.4CVSS4.7AI score0.00159EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by