CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/09/22 6:25 p.m.•20 views

CVE-2025-59587

CVE-2025-59587 is a DOM-based XSS in the WordPress plugin Penci Shortcodes & Performance. The vulnerability requires authenticated access (Contributor+), affects versions before the fix, and has a CVSS v3.1 base score of 6.5 (Medium). Wordfence indicates the issue is addressed in a 6.1+ release, ...

6.5CVSS5.9AI score0.00155EPSS

Cvelist•added 2025/09/22 6:25 p.m.•11 views

CVE-2025-59587 WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00155EPSS

Patchstack•added 2025/09/22 6:24 p.m.•5 views

WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Shortcodes & Performance versions 6.1...

6.5CVSS6.1AI score0.00155EPSS

Exploits0Affected Software1

CNNVD•added 2025/09/22 12:0 a.m.•2 views

WordPress plugin Penci Shortcodes & Performance 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which has the ability to host personal blog sites on PHP and MySQL based servers.WordPres...

6.5CVSS5.9AI score0.00155EPSS

Positive Technologies•added 2025/09/22 12:0 a.m.•5 views

PT-2025-39057

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Shortcodes & Performance affected versions not specified Description The software contains a flaw related to improper input handling during web page creation, leading to a Cross-site Scripting issue. Specifically, this...

6.5CVSS5.8AI score0.00155EPSS

RedhatCVE•added 2025/09/19 4:19 a.m.•3 views

CVE-2025-10125

The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00254EPSS

RedhatCVE•added 2025/09/19 2:22 a.m.•14 views

CVE-2025-10166

The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00223EPSS

CNVD•added 2025/09/19 12:0 a.m.•4 views

WordPress Social Media Shortcodes plugin cross-site scripting vulnerability

WordPress Social Media Shortcodes plugin is a shortcode Shortcodes to quickly embed social media features into the WordPress website plugin, mainly used to simplify the implementation of social media sharing, login, comments and other features. A cross-site scripting vulnerability exists in the...

6.4CVSS6.1AI score0.00223EPSS

CNVD•added 2025/09/19 12:0 a.m.•3 views

WordPress Memberlite Shortcodes plugin cross-site scripting vulnerability

WordPress Memberlite Shortcodes plugin is a plugin used to extend the functionality of the theme, mainly used to add additional features to the WordPress theme, such as content display controls, layout tools, etc., while allowing users to use specific features without completely replacing the...

6.4CVSS6.1AI score0.00254EPSS

NVD•added 2025/09/17 4:15 a.m.•4 views

CVE-2025-10125

6.4CVSS0.00254EPSS

CVE•added 2025/09/17 4:1 a.m.•21 views

CVE-2025-10125

The CVE-2025-10125 issue affects the WordPress plugin Memberlite Shortcodes (versions prior to or up to 1.4). The vulnerability is a Stored Cross‑Site Scripting flaw in the grid/“row” shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: auth...

6.4CVSS4.7AI score0.00254EPSS

Cvelist•added 2025/09/17 4:1 a.m.•6 views

CVE-2025-10125 Memberlite Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00254EPSS

Vulnrichment•added 2025/09/17 4:1 a.m.•3 views

CVE-2025-10125 Memberlite Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00254EPSS

CVE•added 2025/09/17 1:49 a.m.•22 views

CVE-2025-10166

CVE-2025-10166 describes a Stored Cross-Site Scripting flaw in the WordPress plugin Social Media Shortcodes (versions up to and including 1.3.1). The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes of the plugin’s twitter shortcode, enabli...

6.4CVSS4.7AI score0.00223EPSS

Cvelist•added 2025/09/17 1:49 a.m.•5 views

CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00223EPSS

Vulnrichment•added 2025/09/17 1:49 a.m.•2 views

CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00223EPSS

Positive Technologies•added 2025/09/17 12:0 a.m.•6 views

PT-2025-38098

Name of the Vulnerable Software and Affected Versions: Social Media Shortcodes plugin for WordPress versions up to and including 1.3.1 Description: The Social Media Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s twitter shortcode. Insufficient...

6.4CVSS5AI score0.00223EPSS

Exploits0References9

Positive Technologies•added 2025/09/17 12:0 a.m.•4 views

PT-2025-38111

Name of the Vulnerable Software and Affected Versions: Memberlite Shortcodes plugin for WordPress versions prior to 1.5 Description: The Memberlite Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'row' shortcode. Insufficient input sanitization and output...

6.4CVSS5.1AI score0.00254EPSS

Exploits0References8

CNNVD•added 2025/09/17 12:0 a.m.•1 views

WordPress plugin Social Media Shortcodes 跨站脚本漏洞

6.4CVSS6AI score0.00223EPSS