Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8994 matches found

Cvelist
Cvelistadded 2025/12/15 2:25 p.m.19 views

CVE-2025-13610 RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RMForms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input sanitization and output...

6.4CVSS0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/12/15 2:25 p.m.3 views

CVE-2025-13610 RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RMForms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input sanitization and output...

6.4CVSS4.7AI score0.00159EPSS
Exploits0References2
EUVD
EUVDadded 2025/12/15 2:25 p.m.4 views

EUVD-2025-203369

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...

6.4CVSS4.7AI score0.00273EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/12/15 2:25 p.m.21 views

CVE-2025-13367 User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...

6.4CVSS0.00273EPSS
Exploits0References3
CVE
CVEadded 2025/12/15 2:25 p.m.14 views

CVE-2025-13367

CVE-2025-13367 affects the WordPress plugin “User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin” (aka user-registration). The issue is a Stored Cross-Site Scripting (XSS) vulnerability via multiple shortcode ...

6.4CVSS4.8AI score0.00273EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/12/15 2:25 p.m.1 views

CVE-2025-13367 User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...

6.4CVSS4.8AI score0.00273EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/12/15 2:25 p.m.2 views

CVE-2025-13608 CC Child Pages <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'childpages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attributes usecustomlink, usecustomlinktarget,...

6.4CVSS4.7AI score0.00155EPSS
Exploits0References2
CVE
CVEadded 2025/12/15 2:25 p.m.14 views

CVE-2025-13608

CVE-2025-13608 affects the CC Child Pages plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting in the show_child_pages function via the shortcode [child_pages], due to insufficient sanitization/output escaping of four user-supplied shortcode attributes (use_custom_link, use_cu...

6.4CVSS4.7AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/12/15 2:25 p.m.23 views

CVE-2025-13608 CC Child Pages <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode

The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'childpages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attributes usecustomlink, usecustomlinktarget,...

6.4CVSS0.00155EPSS
Exploits0References2
NVD
NVDadded 2025/12/15 4:15 a.m.4 views

CVE-2025-13740

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/12/15 3:20 a.m.1 views

CVE-2025-13740 Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS4.7AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/12/15 3:20 a.m.23 views

CVE-2025-13740 Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00155EPSS
Exploits0References2
EUVD
EUVDadded 2025/12/15 3:20 a.m.3 views

EUVD-2025-203329

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS4.7AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/12/15 12:0 a.m.4 views

PT-2025-51226

The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fluent auth reset password shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escapin...

6.4CVSS5AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/12/15 12:0 a.m.6 views

PT-2025-51223

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...

6.4CVSS5.1AI score0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/12/15 12:0 a.m.3 views

PT-2025-51188

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5AI score0.00155EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/12/14 8:45 a.m.7 views

CVE-2025-9856

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpopup' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user...

6.4CVSS5AI score0.00285EPSS
Exploits0References1
EUVD
EUVDadded 2025/12/14 6:30 a.m.3 views

EUVD-2025-203286

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them...

6.3AI score0.00117EPSS
Exploits0References3
CVE
CVEadded 2025/12/14 6:0 a.m.15 views

CVE-2025-12696

CVE-2025-12696 affects the WordPress HelloLeads CRM Form Shortcode plugin (versions

5.3CVSS6.5AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/12/14 6:0 a.m.17 views

CVE-2025-12696 HelloLeads CRM Form Shortcode <= 1.0 - Unauthenticated Settings Reset

The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them...

0.00117EPSS
Exploits0References1
Rows per page
Query Builder