CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

CNVD•added 2026/01/19 12:0 a.m.•3 views

WordPress SpiceForms Form Builder plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SpiceForms Form Builder plugin, which stems from the lack of effective filtering and escaping of user-supplied data ...

6.4CVSS6AI score0.00016EPSS

Exploits0References1

RedhatCVE•added 2026/01/15 6:21 a.m.•2 views

CVE-2025-12178

The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00016EPSS

Exploits0References1

NVD•added 2026/01/14 6:15 a.m.•1 views

CVE-2025-12178

6.4CVSS0.00016EPSS

Exploits0References2

CVE•added 2026/01/14 5:28 a.m.•10 views

CVE-2025-12178

The CVE-2025-12178 entry covers a Stored Cross-Site Scripting vulnerability in the WordPress plugin SpiceForms Form Builder (versions

6.4CVSS4.7AI score0.00016EPSS

Exploits0References2

Cvelist•added 2026/01/14 5:28 a.m.•23 views

CVE-2025-12178 SpiceForms Form Builder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00016EPSS

Exploits0References2

Vulnrichment•added 2026/01/14 5:28 a.m.•2 views

CVE-2025-12178 SpiceForms Form Builder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.00016EPSS

Exploits0References2

CNNVD•added 2026/01/14 12:0 a.m.•3 views

WordPress plugin SpiceForms Form Builder 跨站脚本漏洞

6.4CVSS5.9AI score0.00016EPSS

Exploits0References3

Positive Technologies•added 2026/01/14 12:0 a.m.•3 views

PT-2026-2807

6.4CVSS5AI score0.00016EPSS

Exploits0References3

Patchstack•added 2026/01/13 10:38 p.m.•3 views

WordPress SpiceForms Form Builder plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SpiceForms Form Builder versions = 1.0...

6.4CVSS5.8AI score0.00016EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by