
3457 matches found

Cvelist
added 2025/11/11 3:30 a.m. | 6 views

CVE-2025-12631 Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Squirrels Auto Inventory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 | EPSS 0.00022
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/11 3:30 a.m. | 3 views

CVE-2025-12020 Double the Donation <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 4.9 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 4

CVE
added 2025/11/11 3:30 a.m. | 14 views

CVE-2025-12020

The CVE-2025-12020 entry concerns the WordPress plugin Double the Donation. The connected documents provide concrete details: the plugin versions up to and including 2.0.0 are vulnerable to Stored Cross-Site Scripting via admin settings, caused by insufficient input sanitization and output escapi...

CVSS 4.9 | AI score 6 | EPSS 0.00027
Exploits: 0 | References: 4

Cvelist
added 2025/11/11 3:30 a.m. | 5 views

CVE-2025-12020 Double the Donation <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 4.9 | EPSS 0.00027
Exploits: 0 | References: 4

CVE
added 2025/11/11 3:30 a.m. | 12 views

CVE-2025-12538

CVE-2025-12538 relates to the WordPress plugin Fleet Manager. The vulnerability is a Stored Cross‑Site Scripting (Stored XSS) in admin settings, affecting versions up to and including 2.5.1. Exploitation requires an attacker with at least editor-level permissions and only impacts multisite instal...

CVSS 4.4 | AI score 4.7 | EPSS 0.00022
Exploits: 0 | References: 3

Cvelist
added 2025/11/11 3:30 a.m. | 4 views

CVE-2025-12538 Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...

CVSS 4.4 | EPSS 0.00022
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/11 3:30 a.m. | 1 view

CVE-2025-12538 Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...

CVSS 4.4 | AI score 4.6 | EPSS 0.00022
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/11 3:30 a.m. | 2 views

CVE-2025-12632 RandomQuotr <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 5.5 | AI score 4.6 | EPSS 0.00029
Exploits: 0 | References: 2

Cvelist
added 2025/11/11 3:30 a.m. | 5 views

CVE-2025-12632 RandomQuotr <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 5.5 | EPSS 0.00029
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/11 12:0 a.m. | 4 views

PT-2025-46280

Name of the Vulnerable Software and Affected Versions: Squirrels Auto Inventory plugin for WordPress versions up to and including 1.0.3. Description: The software is susceptible to Stored Cross-Site Scripting through the admin settings. This is due to inadequate input sanitization and output escapin...

CVSS 4.4 | AI score 5.2 | EPSS 0.00022
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/11 12:0 a.m. | 3 views

PT-2025-46281

Name of the Vulnerable Software and Affected Versions: RandomQuotr versions prior to 1.0.5. Description: The RandomQuotr plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers with...

CVSS 5.5 | AI score 5.2 | EPSS 0.00029
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/10 12:0 a.m. | 3 views

PT-2025-46241

Name of the Vulnerable Software and Affected Versions: Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress versions prior to 2.0.1. Description: The Double the Donation plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin...

CVSS 4.9 | AI score 5.2 | EPSS 0.00027
Exploits: 0 | References: 8

RedhatCVE
added 2025/11/09 3:57 a.m. | 5 views

CVE-2025-12125

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 4.8 | EPSS 0.00022
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/08 7:41 a.m. | 7 views

CVE-2025-12520

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, wit...

CVSS 4 | AI score 4.8 | EPSS 0.00025
Exploits: 0 | References: 1

EUVD
added 2025/11/08 6:30 a.m. | 1 view

EUVD-2025-38350

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 4.5 | EPSS 0.00022
Exploits: 0 | References: 3

CVE
added 2025/11/08 3:27 a.m. | 19 views

CVE-2025-12125

CVE-2025-12125 corresponds to a Stored Cross-Site Scripting vulnerability in the WordPress plugin HTML Forms – Simple WordPress Forms Plugin. The issue arises from insufficient input sanitization and output escaping in admin settings, making authenticated attackers with administrator-level permis...

CVSS 4.4 | AI score 4.6 | EPSS 0.00022
Exploits: 0 | References: 2

Cvelist
added 2025/11/08 3:27 a.m. | 6 views

CVE-2025-12125 HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | EPSS 0.00022
Exploits: 0 | References: 2

NVD
added 2025/11/07 6:15 a.m. | 5 views

CVE-2025-12520

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, wit...

CVSS 4 | EPSS 0.00025
Exploits: 0 | References: 4

CVE
added 2025/11/07 5:29 a.m. | 24 views

CVE-2025-12520

The CVE-2025-12520 entry refers to a Stored Cross-Site Scripting vulnerability in the WordPress WP Airbnb Review Slider plugin (versions ≤ 4.2). The root cause is insufficient URL validation that allows loading a malicious HTML file, enabling authenticated attackers with administrator-level privi...

CVSS 4 | AI score 4.6 | EPSS 0.00025
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/07 5:29 a.m. | 2 views

CVE-2025-12520 WP Airbnb Review Slider <= 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, wit...

CVSS 4 | AI score 4.6 | EPSS 0.00025
Exploits: 0 | References: 4