CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/12/20 6:30 a.m.•2 views

EUVD-2025-204632

4.4CVSS4.6AI score0.0002EPSS

Exploits0References4

NVD•added 2025/12/20 4:16 a.m.•2 views

CVE-2025-14735

Vulnrichment•added 2025/12/20 3:20 a.m.•2 views

CVE-2025-14735 Amazon affiliate lite Plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE•added 2025/12/20 3:20 a.m.•15 views

CVE-2025-14735

The CVE-2025-14735 entry concerns the Amazon affiliate lite Plugin for WordPress with a Stored XSS in admin settings, affecting all versions up to 1.0.0. The vulnerability arises from insufficient input sanitization and output escaping, enabling authenticated attackers with administrator-level pe...

Cvelist•added 2025/12/20 3:20 a.m.•13 views

CVE-2025-14735 Amazon affiliate lite Plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Positive Technologies•added 2025/12/20 12:0 a.m.•3 views

PT-2025-52545

Name of the Vulnerable Software and Affected Versions Amazon affiliate lite Plugin versions prior to 1.0.1 Description The “Amazon affiliate lite Plugin” for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow...

4.4CVSS5.3AI score0.0002EPSS

Exploits0References7

RedhatCVE•added 2025/12/14 5:3 a.m.•10 views

CVE-2025-14378

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS5AI score0.0002EPSS

NVD•added 2025/12/13 4:16 p.m.•3 views

CVE-2025-14378

Vulnrichment•added 2025/12/13 4:31 a.m.•3 views

CVE-2025-14378 Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE•added 2025/12/13 4:31 a.m.•12 views

CVE-2025-14378

CVE-2025-14378 : The WordPress plugin Quick Testimonials (

Cvelist•added 2025/12/13 4:31 a.m.•24 views

CVE-2025-14378 Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

RedhatCVE•added 2025/12/13 3:59 a.m.•3 views

CVE-2025-14035

The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5AI score0.00032EPSS

RedhatCVE•added 2025/12/13 3:59 a.m.•3 views

CVE-2025-13975

The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5AI score0.00026EPSS

NVD•added 2025/12/12 8:15 a.m.•3 views

CVE-2025-4970

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...

5.5CVSS0.00006EPSS

EUVD•added 2025/12/12 7:20 a.m.•2 views

EUVD-2025-203053

5.5CVSS4.6AI score0.00006EPSS

Exploits0References4

Vulnrichment•added 2025/12/12 7:20 a.m.•2 views

CVE-2025-4970 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

5.5CVSS4.7AI score0.00006EPSS

Cvelist•added 2025/12/12 7:20 a.m.•28 views

CVE-2025-4970 BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

5.5CVSS0.00006EPSS

CVE•added 2025/12/12 7:20 a.m.•13 views

CVE-2025-4970

CVE-2025-4970 pertains to the WordPress plugin BSK PDF Manager and describes a Stored Cross-Site Scripting (XSS) via SVG file uploads in all versions up to 3.7.1. The issue arises from insufficient input sanitization and output escaping during SVG handling, allowing an authenticated attacker with...

5.5CVSS4.7AI score0.00006EPSS