CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

229 matches found

CNVD•added 2025/11/25 12:0 a.m.•3 views

WordPress Bulma Shortcodes plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Bulma Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

6.4CVSS6.1AI score0.00162EPSS

Exploits0References1

RedhatCVE•added 2025/11/22 8:35 a.m.•9 views

CVE-2025-11802

The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00162EPSS

Exploits0References1

NVD•added 2025/11/21 8:15 a.m.•18 views

CVE-2025-11802

6.4CVSS0.00162EPSS

Exploits0References2

Cvelist•added 2025/11/21 7:31 a.m.•6 views

CVE-2025-11802 Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00162EPSS

Exploits0References2

EUVD•added 2025/11/21 7:31 a.m.•3 views

EUVD-2025-198395

6.4CVSS4.7AI score0.00162EPSS

Exploits0References3

CVE•added 2025/11/21 7:31 a.m.•16 views

CVE-2025-11802

Summary of CVE-2025-11802. The Bulma Shortcodes plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability via the type attribute of the bulma-notification shortcode. This applies to all versions up to and including 1.0. authenticated attackers with Contributor+ privile...

6.4CVSS4.8AI score0.00162EPSS

Exploits0References2

Vulnrichment•added 2025/11/21 7:31 a.m.•5 views

CVE-2025-11802 Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00162EPSS

Exploits0References2

Positive Technologies•added 2025/11/21 12:0 a.m.•8 views

PT-2025-47686

6.4CVSS5.1AI score0.00162EPSS

Exploits0References3

CNNVD•added 2025/11/21 12:0 a.m.•2 views

WordPress plugin Bulma Shortcodes 跨站脚本漏洞

6.4CVSS6AI score0.00162EPSS

Exploits0References3

Patchstack•added 2025/11/20 10:27 p.m.•8 views

WordPress Bulma Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Bulma Shortcodes versions = 1.0...

6.4CVSS5.8AI score0.00162EPSS

Exploits0References1Affected Software1

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•6 views

Malicious code in interstellarmedium-pino-bulma-darkenergy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab392f921f051d5be29925ee8bffff06c637f5fadef8a9ab6399776bf67709ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178976

Malicious code in exoplanet-string-bulma-tardigrade npm...

6.6AI score

Exploits0

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•5 views

Malicious code in bulma-equinox-build-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936f198e0e70f653d369a2d4c68b7759255a33a0397ab6045251c30465cc7e9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-175980

Malicious code in testcafe-janus-sqlite-bulma npm...

6.6AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-177633

Malicious code in neutronstar-gravity-aether-bulma npm...

6.6AI score

Exploits0