CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

RedhatCVE•added 2025/09/27 2:43 a.m.•9 views

CVE-2025-10178

The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbdfeaturedimage' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00223EPSS

Exploits0References1

CVE•added 2025/09/26 1:47 a.m.•17 views

CVE-2025-10178

CVE-2025-10178 is a stored XSS vulnerability in the CM Business Directory WordPress plugin, exploitable via the plugin shortcode cmbd_featured_image on pages. Affected versions are all up to and including 1.5.2. The issue arises from insufficient input sanitization and output escaping on user-sup...

6.4CVSS4.7AI score0.00223EPSS

Exploits0References5

Cvelist•added 2025/09/26 1:47 a.m.•6 views

CVE-2025-10178 CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00223EPSS

Exploits0References5

Vulnrichment•added 2025/09/26 1:47 a.m.•3 views

CVE-2025-10178 CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00223EPSS

Exploits0References5

Positive Technologies•added 2025/09/26 12:0 a.m.•3 views

PT-2025-39474

Name of the Vulnerable Software and Affected Versions CM Business Directory plugin for WordPress versions up to and including 1.5.2 Description The CM Business Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'cmbd featured image' shortcode. This is due to...

6.4CVSS5.2AI score0.00223EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by