CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/11/17 10:27 p.m.•5 views

CVE-2025-7711 Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description

5.4CVSS0.00191EPSS

Exploits0References2

Vulnrichment•added 2025/11/17 10:27 p.m.•2 views

CVE-2025-7711 Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description

5.4CVSS6.1AI score0.00191EPSS

Exploits0References2

Patchstack•added 2025/11/17 9:58 p.m.•7 views

WordPress Classified Listing plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via Listing Description vulnerability discovered by Kishan Vyas in WordPress Plugin Classified Listing versions = 5.0.3...

5.4CVSS7.1AI score0.00191EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/11/17 12:0 a.m.•5 views

PT-2025-47216

Name of the Vulnerable Software and Affected Versions The Classified Listing – Classified ads & Business Directory Plugin versions prior to 5.0.4 Description The Classified Listing – Classified ads & Business Directory Plugin for WordPress is susceptible to arbitrary shortcode execution. This...

5.4CVSS7AI score0.00191EPSS

Exploits0References5

RedhatCVE•added 2025/11/14 9:9 a.m.•11 views

CVE-2025-11769

The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipperfront' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possib...

NVD•added 2025/11/13 9:15 a.m.•7 views

CVE-2025-11769

6.4CVSS0.00189EPSS

Cvelist•added 2025/11/13 8:27 a.m.•8 views

CVE-2025-11769 WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00189EPSS

Vulnrichment•added 2025/11/13 8:27 a.m.•2 views

CVE-2025-11769 WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00189EPSS

CVE•added 2025/11/13 8:27 a.m.•17 views

CVE-2025-8397

The CVE concerns the WordPress plugin Save as PDF Button. All versions up to 1.9.2 are vulnerable to Stored Cross-Site Scripting via the restpackpdfbutton shortcode due to insufficient sanitization/escaping of user attributes. Authenticated attackers with contributor-level access (or higher) can ...

6.4CVSS4.7AI score0.00199EPSS

Positive Technologies•added 2025/11/13 12:0 a.m.•8 views

PT-2025-46794

Name of the Vulnerable Software and Affected Versions Save as PDF Button plugin for WordPress versions prior to 1.9.3 Description The software has a flaw due to insufficient input sanitization and output escaping on user-supplied attributes within the restpackpdfbutton shortcode. This allows...

6.4CVSS6.5AI score0.00199EPSS

Exploits0References5

Positive Technologies•added 2025/11/13 12:0 a.m.•6 views

PT-2025-46792

Name of the Vulnerable Software and Affected Versions WordPress Content Flipper plugin versions up to and including 0.1 Description The WordPress Content Flipper plugin is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the 'bgcolor'...

6.4CVSS5.9AI score0.00189EPSS

Exploits0References5

RedhatCVE•added 2025/11/12 3:47 a.m.•16 views

CVE-2025-12010

The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from AuthorsListShortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to ca...

6.5CVSS6.1AI score0.00335EPSS

RedhatCVE•added 2025/11/12 3:47 a.m.•13 views

CVE-2025-12711

The Share to Google Classroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sharetogoogle shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5AI score0.00157EPSS

RedhatCVE•added 2025/11/12 3:47 a.m.•9 views

CVE-2025-12667

The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

RedhatCVE•added 2025/11/12 3:47 a.m.•8 views

CVE-2025-12671

The WP-Iconics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpiconics' shortcode in all versions up to, and including, 0.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

RedhatCVE•added 2025/11/12 3:47 a.m.•12 views

CVE-2025-12753

The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmzezchart' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for...

RedhatCVE•added 2025/11/12 3:47 a.m.•12 views

CVE-2025-12662

The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

RedhatCVE•added 2025/11/12 3:46 a.m.•10 views

CVE-2025-12754

The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter of the 'geopost' shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...