CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

62 matches found

Patchstack•added 2025/12/31 12:0 a.m.•3 views

WordPress WishSuite plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttontext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WishSuite versions = 1.5.1...

6.4CVSS5.9AI score0.00037EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/12/22 2:35 a.m.•1 views

CVE-2025-13838

The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttontext' parameter of the 'wishsuitebutton' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00037EPSS

Exploits0References1

EUVD•added 2025/12/21 3:31 a.m.•1 views

EUVD-2025-204653

6.4CVSS4.7AI score0.00037EPSS

Exploits0References6

NVD•added 2025/12/21 3:15 a.m.•1 views

CVE-2025-13838

6.4CVSS0.00037EPSS

Exploits0References4

CVE•added 2025/12/21 2:20 a.m.•10 views

CVE-2025-13838

WishSuite – Wishlist for WooCommerce has a stored XSS in the button_text attribute of the wishsuite_button shortcode, affecting all versions up to and including 1.5.1. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject scripts that run in pages viewe...

6.4CVSS4.8AI score0.00037EPSS

Exploits0References4

Vulnrichment•added 2025/12/21 2:20 a.m.•1 views

CVE-2025-13838 WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

6.4CVSS4.7AI score0.00037EPSS

Exploits0References4

Cvelist•added 2025/12/21 2:20 a.m.•10 views

CVE-2025-13838 WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

6.4CVSS0.00037EPSS

Exploits0References4

CNNVD•added 2025/12/21 12:0 a.m.•1 views

WordPress plugin WishSuite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.9AI score0.00037EPSS

Exploits0References5

Positive Technologies•added 2025/12/21 12:0 a.m.•1 views

PT-2025-52572

Name of the Vulnerable Software and Affected Versions WishSuite versions up to and including 1.5.1 Description The WishSuite plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the 'button text' parameter of the...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References9

RedhatCVE•added 2025/10/26 4:26 a.m.•10 views

CVE-2025-11823

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...

6.4CVSS5.1AI score0.00025EPSS

Exploits0References1

CNNVD•added 2025/10/26 12:0 a.m.•1 views

WordPress plugin ShopLentor 安全漏洞

6.4CVSS5.8AI score0.00025EPSS

Exploits0References4

EUVD•added 2025/10/25 6:30 a.m.•1 views

EUVD-2025-35915

6.4CVSS4.7AI score0.00025EPSS

Exploits0References4

OSV•added 2025/10/25 5:15 a.m.•0 views

CVE-2025-11823

5.4CVSS5.9AI score

Exploits0References3

NVD•added 2025/10/25 5:15 a.m.•3 views

CVE-2025-11823

6.4CVSS0.00025EPSS

Exploits0References3

Vulnrichment•added 2025/10/25 4:22 a.m.•3 views

CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.00025EPSS

Exploits0References3

CVE•added 2025/10/25 4:22 a.m.•13 views

CVE-2025-11823

CVE-2025-11823 concerns ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules (WordPress). Wordfence and patch sources indicate a Stored Cross-Site Scripting vulnerability via the shortcodes parameter button_exist_text in wishsuite_button, exploitable on all versions up to and in...

6.4CVSS4.8AI score0.00025EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/10/25 4:22 a.m.•25 views

CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00025EPSS

Exploits0References3

Positive Technologies•added 2025/10/25 12:0 a.m.•2 views

PT-2025-43700

Name of the Vulnerable Software and Affected Versions ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress versions prior to 3.2.5 Description The ShopLentor plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue...

6.4CVSS5.8AI score0.00025EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2025-8358

Malicious code in bioql PyPI...

7.5CVSS9AI score0.01647EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-37183

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00083EPSS

Exploits0References1