CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/11/05 5:8 a.m.•2 views

CVE-2025-12065

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticonjsscript' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS4.9AI score0.00023EPSS

RedhatCVE•added 2025/11/05 5:8 a.m.•3 views

CVE-2025-12371

The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

RedhatCVE•added 2025/11/05 5:8 a.m.•4 views

CVE-2025-12393

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

RedhatCVE•added 2025/11/05 5:8 a.m.•4 views

CVE-2025-11753

The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

RedhatCVE•added 2025/11/05 5:8 a.m.•3 views

CVE-2025-12396

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

NVD•added 2025/11/04 3:15 p.m.•2 views

CVE-2025-12184

Cvelist•added 2025/11/04 2:25 p.m.•4 views

CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE•added 2025/11/04 2:25 p.m.•15 views

CVE-2025-12184

CVE-2025-12184 affects the WordPress MeetingList plugin (versions up to and including 0.11). The vulnerability is a Stored Cross-Site Scripting flaw in admin/settings handling, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access with Administr...

EUVD•added 2025/11/04 2:25 p.m.•4 views

EUVD-2025-37761

4.4CVSS4.6AI score0.00021EPSS

NVD•added 2025/11/04 5:16 a.m.•5 views

CVE-2025-12371

NVD•added 2025/11/04 5:16 a.m.•2 views

CVE-2025-12065

4.4CVSS0.00023EPSS

NVD•added 2025/11/04 5:16 a.m.•3 views

CVE-2025-11753

Cvelist•added 2025/11/04 4:27 a.m.•6 views

CVE-2025-12396 Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Vulnrichment•added 2025/11/04 4:27 a.m.•4 views

CVE-2025-12396 Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Vulnrichment•added 2025/11/04 4:27 a.m.•6 views

CVE-2025-11753 Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE•added 2025/11/04 4:27 a.m.•16 views

CVE-2025-11753

CVE-2025-11753 : WordPress plugin Bootstrap Multi-language Responsive Portfolio is vulnerable to Stored Cross-Site Scripting via admin settings. Affected versions are those up to and including 1.0; the issue requires authenticated admin+ access and occurs in multisite installations or where unfil...

Cvelist•added 2025/11/04 4:27 a.m.•10 views

CVE-2025-11753 Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Cvelist•added 2025/11/04 4:27 a.m.•5 views

CVE-2025-12065 WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00023EPSS