CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

CNVD•added 2025/12/22 12:0 a.m.•1 views

WordPress GPXpress plugin cross-site scripting vulnerability

WordPress GPXpress plugin is a plugin for WordPress that is mainly used to embed aesthetically pleasing maps to display GPX paths. A cross-site scripting vulnerability exists in the WordPress GPXpress plugin, which stems from the lack of effective filtering and escaping of user-supplied data in t...

6.4CVSS6.1AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2025/12/13 3:59 a.m.•2 views

CVE-2025-13960

The GPXpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gpxpress' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5AI score0.00031EPSS

Exploits0References1

NVD•added 2025/12/12 4:15 a.m.•2 views

CVE-2025-13960

6.4CVSS0.00031EPSS

Exploits0References3

Vulnrichment•added 2025/12/12 3:20 a.m.•1 views

CVE-2025-13960 GPXpress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

CVE•added 2025/12/12 3:20 a.m.•12 views

CVE-2025-13960

The CVE-2025-13960 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress GPXpress plugin (versions

6.4CVSS4.7AI score0.00031EPSS

Exploits0References3

Cvelist•added 2025/12/12 3:20 a.m.•24 views

CVE-2025-13960 GPXpress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00031EPSS

Exploits0References3

EUVD•added 2025/12/12 3:20 a.m.•1 views

EUVD-2025-202982

6.4CVSS4.7AI score0.00031EPSS

Exploits0References4

CNNVD•added 2025/12/12 12:0 a.m.•1 views

WordPress plugin GPXpress 跨站脚本漏洞

6.4CVSS6AI score0.00031EPSS

Exploits0References3

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50832

6.4CVSS5AI score0.00031EPSS

Exploits0References4

Patchstack•added 2025/12/11 11:4 p.m.•3 views

WordPress GPXpress plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin GPXpress versions = 1.3...

6.4CVSS5.5AI score0.00031EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by