CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2096 matches found

Vulnrichment•added 2025/10/15 5:23 a.m.•2 views

CVE-2025-8561 Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00211EPSS

Exploits0References3

CNNVD•added 2025/10/15 12:0 a.m.•3 views

WordPress plugin TARIFFUXX SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...

6.5CVSS8.2AI score0.0028EPSS

Exploits0References4

Positive Technologies•added 2025/10/15 12:0 a.m.•2 views

PT-2025-42237

6.4CVSS5AI score0.00211EPSS

Exploits0References4

Cvelist•added 2025/10/11 9:28 a.m.•6 views

CVE-2025-7652 Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00176EPSS

Exploits0References2

RedhatCVE•added 2025/10/11 6:25 a.m.•10 views

CVE-2025-10124

The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted...

6.5CVSS6.8AI score0.00241EPSS

Exploits0References1