CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS6.4AI score0.00613EPSS

WordPress plugin Simple CSV Table 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path traversal...

Positive Technologies•added 2025/12/12 12:0 a.m.•9 views

PT-2025-50808

Name of the Vulnerable Software and Affected Versions Player Leaderboard plugin for WordPress versions up to and including 1.0.2 Description The Player Leaderboard plugin for WordPress is susceptible to Local File Inclusion through the 'player leaderboard' shortcode. The issue stems from the plug...

8.8CVSS7.1AI score0.00691EPSS

Exploits0References8

Positive Technologies•added 2025/12/12 12:0 a.m.•4 views

PT-2025-50837

The Reviews Sorted plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'space' parameter of the reviews-slider shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.1AI score0.00298EPSS

Exploits0References12

6.4CVSS6AI score0.00228EPSS

WordPress plugin GPXpress 跨站脚本漏洞

WordPress GPXpress plugin is a plugin for WordPress that is mainly used to embed aesthetically pleasing maps to display GPX paths. A cross-site scripting vulnerability exists in the WordPress GPXpress plugin, which stems from the lack of effective filtering and escaping of user-supplied data in t...

6.4CVSS5.7AI score0.00181EPSS

WordPress plugin WP Flot 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

Positive Technologies•added 2025/12/12 12:0 a.m.•4 views

PT-2025-50834

The Divelogs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'latestdive' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00188EPSS

Exploits0References5

Positive Technologies•added 2025/12/12 12:0 a.m.•4 views

PT-2025-50831

The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00181EPSS

6.4CVSS5.7AI score0.00188EPSS

WordPress plugin Paypal Payment Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

Exploits0References5

Positive Technologies•added 2025/12/12 12:0 a.m.•6 views

PT-2025-50800

The LJUsers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'ljuser' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.1AI score0.00185EPSS

6.4CVSS5.8AI score0.00236EPSS

WordPress plugin BUKAZU Search widget 跨站脚本漏洞

Positive Technologies•added 2025/12/12 12:0 a.m.•8 views

PT-2025-50908

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

6.5CVSS5.8AI score0.00613EPSS

Positive Technologies•added 2025/12/12 12:0 a.m.•2 views

PT-2025-50835

The FX Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fxcc convert' shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00188EPSS

Exploits0References5

6.4CVSS5.8AI score0.00181EPSS

WordPress plugin VigLink SpotLight By ShortCode 跨站脚本漏洞

6.4CVSS5.7AI score0.00188EPSS

WordPress plugin Mailgun Subscriptions 跨站脚本漏洞

Positive Technologies•added 2025/12/12 12:0 a.m.•5 views

PT-2025-50806

The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class name' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

6.4CVSS5AI score0.00152EPSS

Positive Technologies•added 2025/12/12 12:0 a.m.•4 views

PT-2025-50851

The App Landing Template Blocks for WPBakery Visual Composer Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'atvc video play' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS4.9AI score0.00181EPSS

6.4CVSS5.7AI score0.00185EPSS

WordPress plugin LJUsers 跨站脚本漏洞

6.4CVSS6.2AI score0.00228EPSS

WordPress plugin Hide Email Address 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Hide Email Address plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the inlinecss...