CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

NVD•added 2025/11/19 6:15 a.m.•2 views

CVE-2025-13054

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

6.4CVSS0.00032EPSS

Exploits0References2

Vulnrichment•added 2025/11/19 5:45 a.m.•6 views

CVE-2025-13054 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.00032EPSS

Exploits0References2

CVE•added 2025/11/19 5:45 a.m.•8 views

CVE-2025-13054

CVE-2025-13054 affects the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” up to version 3.14.8. The vulnerability is a Stored Cross-Site Scripting (XSS) via the wppb-embed shortcode, caused by insufficient input sanitization and outpu...

6.4CVSS4.7AI score0.00032EPSS

Exploits0References2

Cvelist•added 2025/11/19 5:45 a.m.•9 views

CVE-2025-13054 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00032EPSS

Exploits0References2

CNNVD•added 2025/11/19 12:0 a.m.•1 views

WordPress plugin User Profile Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2025/11/19 12:0 a.m.•3 views

PT-2025-47437

6.4CVSS5AI score0.00032EPSS

Exploits0References3

NVD•added 2025/10/18 6:15 a.m.•1 views

CVE-2025-11857

The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxpfb2wpdisplayembed' shortcode in all versions up to, and including, 1.9.9. This is due to the plugin not properly sanitizing user input and output of the 'postid' parameter. This makes it...

6.4CVSS0.00032EPSS

Exploits0References3

RedhatCVE•added 2025/10/01 4:23 a.m.•2 views

CVE-2025-10196

The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'surveyanyplaceembed' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00035EPSS

Exploits0References1

Positive Technologies•added 2025/09/30 12:0 a.m.•1 views

PT-2025-39937

Name of the Vulnerable Software and Affected Versions Survey Anyplace plugin for WordPress versions prior to 1.0.1 Description The software contains a Stored Cross-Site Scripting issue stemming from insufficient input sanitization and output escaping on user-supplied attributes within the...

6.4CVSS5.5AI score0.00035EPSS

Exploits0References6

RedhatCVE•added 2025/05/23 8:20 a.m.•2 views

CVE-2024-10176

The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scembedplayer shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00233EPSS

Exploits0References1

Positive Technologies•added 2024/10/29 12:0 a.m.•2 views

PT-2024-16100 · WordPress · Streamweasels Youtube Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels YouTube Integration plugin for WordPress versions up to, and including, 1.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode due to insufficient input sanitization an...

6.4CVSS6.2AI score0.00393EPSS

Exploits0References13

Patchstack•added 2024/10/24 6:34 a.m.•1 views

WordPress Compact WP Audio Player plugin <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via scembedplayer Shortcode vulnerability discovered by theviper17y in WordPress Plugin Compact WP Audio Player versions = 1.9.13...

6.4CVSS5.8AI score0.00233EPSS

Exploits0References1Affected Software1

OSV•added 2024/10/19 10:15 a.m.•0 views

CVE-2024-9897

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.9AI score

Exploits0References4

Positive Technologies•added 2024/10/19 12:0 a.m.•2 views

PT-2024-39923 · WordPress · Streamweasels Twitch Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Twitch Integration plugin for WordPress versions up to, and including, 1.8.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode due to insufficient input sanitization and...

6.4CVSS6.2AI score0.00233EPSS

Exploits0References10

Patchstack•added 2024/10/18 9:40 p.m.•1 views

WordPress StreamWeasels Twitch Integration plugin <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin StreamWeasels Twitch Integration versions = 1.8.6...

6.4CVSS5.8AI score0.00233EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by