1151 matches found

CVE
added 2025/12/24 1:10 p.m. | 7 views

CVE-2025-67622

Technical details for CVE-2025-67622 are not provided in the supplied documents. Monitor for updates from official advisories; current data mentions CSRF and Stored XSS claims but lacks concrete product/version/impact details.

CVSS 7.1 | AI score 6.3 | EPSS 0.00097
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/24 12:31 p.m. | 2 views

CVE-2025-68525 WordPress Category Icon plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Category Icon category-icon allows Stored XSS. This issue affects Category Icon: from n/a through <= 1.0.2...

CVSS 5.9 | AI score 5.6 | EPSS 0.00148
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/23 7:34 p.m. | 3 views

CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVSS 6.1 | AI score 5.8 | EPSS 0.00235
Exploits: 1 | References: 3

CVE
added 2025/12/23 11:13 a.m. | 13 views

CVE-2025-14000

CVE-2025-14000 (CWE-79): The WordPress plugin “Membership Plugin – Restrict Content” is vulnerable to stored XSS via the plugin’s register_form and restrict shortcodes in versions up to 3.2.15 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access a...

CVSS 6.4 | AI score 4.7 | EPSS 0.00201
Exploits: 0 | References: 6

RedhatCVE
added 2025/12/21 4:12 a.m. | 13 views

CVE-2025-14735

The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5 | EPSS 0.002
Exploits: 0 | References: 1

Cvelist
added 2025/12/21 3:20 a.m. | 17 views

CVE-2025-13693 Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | EPSS 0.00197
Exploits: 0 | References: 4

NVD
added 2025/12/20 9:15 a.m. | 2 views

CVE-2025-14298

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's thegemtesearch shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 5.4 | EPSS 0.00266
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/19 8:23 a.m. | 1 views

CVE-2025-11747 Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 4.6 | EPSS 0.00275
Exploits: 0 | References: 3

NVD
added 2025/12/19 8:15 a.m. | 3 views

CVE-2025-66521

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

CVSS 6.3 | EPSS 0.001
Exploits: 0 | References: 1

CVE
added 2025/12/18 7:53 p.m. | 9 views

CVE-2022-50683

CVE-2022-50683 concerns a stored cross-site scripting vulnerability in Kentico Xperience, arising from unvalidated form redirect URL configuration. The issue allows injection of malicious scripts that execute in users’ browsers in the context of the affected platform. Connected sources (CNVD, EUV...

CVSS 5.4 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/12/17 11:15 p.m. | 4 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

CVSS 5.4 | EPSS 0.00267
Exploits: 1 | References: 3

CVE
added 2025/12/17 10:44 p.m. | 9 views

CVE-2023-53910

WBCE CMS 1.6.1 has a stored XSS vulnerability in the WYSIWYG editor: authenticated attackers can inject JavaScript by sending malicious content to /wbce/modules/wysiwyg/save.php (content parameter), which executes when pages are viewed. Root cause: improper input handling in page content. Impact:...

CVSS 5.4 | AI score 5.7 | EPSS 0.00267
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2025/12/17 9:53 p.m. | 9 views

CVE-2025-68275

ChurchCRM prior to version 6.5.3 contains a stored cross-site scripting vulnerability on the View Active People, View Inactive People, and View All People pages. The root cause is lack of effective filtering and escaping of user-supplied data on these listings, allowing an attacker to inject scri...

CVSS 9.2 | AI score 5.7 | EPSS 0.0017
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2025/12/17 6:21 p.m. | 16 views

CVE-2025-13217

CVE-2025-13217 is an authenticated Stored XSS in Ultimate Member for WordPress, triggered via the YouTube video URL field in profile-related input. The issue arises from insufficient input sanitization and output escaping in um_profile_field_filter_hook__youtube_video(), allowing Subscrib...

CVSS 6.4 | AI score 4.7 | EPSS 0.00255
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/17 3:20 a.m. | 0 views

CVE-2025-13977 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event...

CVSS 6.4 | AI score 4.8 | EPSS 0.00265
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/16 5:3 p.m. | 1 views

CVE-2023-53897 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments

Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...

CVSS 5.4 | AI score 5.6 | EPSS 0.00205
Exploits: 1 | References: 3

EUVD
added 2025/12/16 9:31 a.m. | 2 views

EUVD-2025-203540

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Portfolio salient-portfolio allows Stored XSS. This issue affects Salient Portfolio: from n/a through = 1.8.2...

AI score 5.5 | EPSS 0.00133
Exploits: 0 | References: 2

Cvelist
added 2025/12/15 2:25 p.m. | 20 views

CVE-2025-13367 User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in all versions up to, and including, 4.4.6 due to...

CVSS 6.4 | EPSS 0.00273
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/13 8:21 a.m. | 1 views

CVE-2025-8780 Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Hero Header and Pricing Table widgets in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVSS 6.4 | AI score 4.7 | EPSS 0.00192
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/13 7:21 a.m. | 3 views

CVE-2025-8779 All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVSS 6.4 | AI score 4.7 | EPSS 0.00185
Exploits: 0 | References: 3