CVE-2025-10178 CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbdfeaturedimage' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-39648
Name of the Vulnerable Software and Affected Versions Todoist version 8484 Description The application does not properly validate the MIME type and sanitize image metadata during avatar uploads, leading to a stored cross-site scripting issue. This allows for the execution of malicious scripts...
PT-2025-39571
Name of the Vulnerable Software and Affected Versions Ryan Hellyer Simple Colorbox versions through 1.6.1 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instance allows for Stored XS...
CVE-2025-58267
Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message (stock-message) allows Stored XSS. This issue affects Stock Message: from n/a through <= 1.1.0...
CVE-2025-58674
CVE-2025-58674 corresponds to a Stored XSS in WordPress core. Affected are WordPress versions from 4.7 through 6.8.2 and many 5.x/6.x branches listed in the entry; exploitation requires an attacker with Author or higher privileges and some user interaction. The issue is rated medium (CVSSv3.1: AV...
CVE-2025-57407
A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <= 10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher
An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...
CVE-2025-58261
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection (mavis-https-to-http-redirect) allows Stored XSS. This issue affects Mavis HTTPS to HTTP Redirection: from n/a through <= 1.4.3...
CVE-2025-58956 WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System (wp-attractive-donations-system-easy-stripe-paypal-donations) allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through 1.29...
CVE-2025-58956
CVE-2025-58956 is a CSRF-induced Stored XSS in the WordPress plugin WP Attractive Donations System (WP Attractive Donations System – easy stripe/paypal donations). The Vulnerability Type is Cross-Site Request Forgery enabling Stored XSS. CVSS base score is 7.1 (3.1-era metrics: AV:N/AC:L/PR:N/UI:...
CVE-2025-57918 WordPress LinkedInclude Plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude (linkedinclude) allows Stored XSS. This issue affects LinkedInclude: from n/a through <= 3.0.4...
CVE-2025-57956 WordPress WooMS Plugin <= 9.12 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12...
CVE-2025-57993 WordPress Geolocation IP Detection plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Pick Geolocation IP Detection (geoip-detect) allows Stored XSS. This issue affects Geolocation IP Detection: from n/a through <= 5.5.0...
CVE-2025-58261
CVE-2025-58261 is a CSRF-driven Stored XSS in the Mavis HTTPS to HTTP Redirection WordPress plugin (mavis-https-to-http-redirect) affecting versions up to 1.4.3. The entry shows CVSS 3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user interaction required, and CHANG...
CVE-2025-9883
The CVE-2025-9883 entry concerns the WordPress plugin Browser Sniff (versions
CVE-2025-10181 Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2025-9851
CVE-2025-9851 affects the WordPress Appointmind plugin. The vulnerability is a Stored Cross-Site Scripting via the appointmind_calendar shortcode in all versions up to 4.1.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with co...
CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Seafile Security Vulnerability
Seafile is an open-source enterprise cloud drive from the Chinese company Haiwen Huzhi Network Technology (Seafile). The product features Markdown WYSIWYG editing, Wiki, file labeling, and more. A security vulnerability exists in Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro, which stems from a...
CVE-2025-9855
The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplugauthors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...