CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/11/21 7:31 a.m.•20 views

CVE-2025-12660

CVE-2025-12660 – Padlet Shortcode (Wallwisher) Stored XSS (WordPress) Affected software: Padlet Shortcode plugin for WordPress (shortcode wallwisher, parameter key) up to version 1.3. Description and connected sources confirm a Stored Cross-Site Scripting flaw caused by insufficient input sanitiz...

6.4CVSS4.8AI score0.00194EPSS

Cvelist•added 2025/11/21 7:31 a.m.•6 views

CVE-2025-12660 Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00194EPSS

EUVD•added 2025/11/21 7:31 a.m.•4 views

EUVD-2025-198401

6.4CVSS4.7AI score0.00194EPSS

Exploits0References5

CNNVD•added 2025/11/21 12:0 a.m.•3 views

WordPress plugin Display Pages Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Display Pages Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

6.4CVSS6AI score0.00194EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•5 views

PT-2025-47706

The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CNVD•added 2025/11/21 12:0 a.m.•2 views

WordPress Code Snippets plugin code injection vulnerability

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

8CVSS7.7AI score0.0031EPSS

Exploits0References1

Positive Technologies•added 2025/11/21 12:0 a.m.•6 views

PT-2025-47685

The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' shortcode attribute of the 'audiotube' shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for...

Positive Technologies•added 2025/11/21 12:0 a.m.•4 views

PT-2025-47675

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column count' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00194EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•4 views

PT-2025-47676

The Shortcodes Bootstrap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' parameter in the notification shortcode in all versions up to, and including, 1.1. This is due to missing input sanitization and output escaping. This makes it possible for authenticated...

Positive Technologies•added 2025/11/21 12:0 a.m.•6 views

PT-2025-47705

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

Positive Technologies•added 2025/11/21 12:0 a.m.•3 views

PT-2025-47695

6.4CVSS5.1AI score0.00194EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•3 views

PT-2025-47678

The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tip' shortcode in all versions up to, and including, 0.2.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CNNVD•added 2025/11/21 12:0 a.m.•4 views

WordPress plugin Tips Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00162EPSS

Positive Technologies•added 2025/11/21 12:0 a.m.•3 views

PT-2025-47684

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

Positive Technologies•added 2025/11/21 12:0 a.m.•3 views

PT-2025-47700

The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CNNVD•added 2025/11/21 12:0 a.m.•1 views

WordPress plugin Surbma | MiniCRM Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00162EPSS

CNNVD•added 2025/11/21 12:0 a.m.•2 views

WordPress plugin Padlet Shortcode 跨站脚本漏洞

6.4CVSS5.9AI score0.00194EPSS

CNNVD•added 2025/11/21 12:0 a.m.•3 views

WordPress plugin Pollcaster Shortcode Plugin 跨站脚本漏洞

6.4CVSS5.9AI score0.00194EPSS