CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/11/04 4:27 a.m.•14 views

CVE-2025-12065

CVE-2025-12065 affects the WP Carticon WordPress plugin. The vulnerability is a stored cross-site scripting (XSS) via the carticon_js_script parameter in all versions up to and including 1.0.0, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admi...

4.4CVSS4.7AI score0.00023EPSS

Vulnrichment•added 2025/11/04 4:27 a.m.•2 views

CVE-2025-12371 Nari Accountant <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting

The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

Vulnrichment•added 2025/11/04 4:27 a.m.•1 views

CVE-2025-12065 WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS4.7AI score0.00023EPSS

CVE•added 2025/11/04 4:27 a.m.•15 views

CVE-2025-12393

CVE-2025-12393 affects the WordPress plugin Free Quotation up to version 3.1.6. It is a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping in admin settings. Exploitation requires authentication at administrator level or higher, and affec...

Cvelist•added 2025/11/04 4:27 a.m.•6 views

CVE-2025-12393 Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS0.00021EPSS

Vulnrichment•added 2025/11/04 4:27 a.m.•3 views

CVE-2025-12393 Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Positive Technologies•added 2025/11/04 12:0 a.m.•2 views

PT-2025-44949

4.4CVSS5AI score0.00021EPSS

Positive Technologies•added 2025/11/04 12:0 a.m.•4 views

PT-2025-44938

Name of the Vulnerable Software and Affected Versions Bootstrap Multi-language Responsive Portfolio versions prior to 1.0 Description The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input...

4.4CVSS5.3AI score0.00021EPSS

Positive Technologies•added 2025/11/04 12:0 a.m.•3 views

PT-2025-44942

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticon js script' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5AI score0.00023EPSS

Positive Technologies•added 2025/11/04 12:0 a.m.•5 views

PT-2025-44952

The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS5AI score0.00021EPSS

RedhatCVE•added 2025/11/02 3:48 a.m.•8 views

CVE-2025-11928

The CSS & JavaScript Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5AI score0.00021EPSS

Exploits0References1

EUVD•added 2025/11/01 6:30 a.m.•2 views

EUVD-2025-37411

4.4CVSS4.6AI score0.00021EPSS

EUVD•added 2025/11/01 6:30 a.m.•3 views

EUVD-2025-37414

The Flying Images: Optimize and Lazy Load Images for Faster Page Speed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS4.5AI score0.00027EPSS

Exploits0References6

NVD•added 2025/11/01 5:16 a.m.•2 views

CVE-2025-11927

4.4CVSS0.00027EPSS

Vulnrichment•added 2025/11/01 4:27 a.m.•2 views

CVE-2025-11927 Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS4.6AI score0.00027EPSS

Cvelist•added 2025/11/01 4:27 a.m.•5 views

CVE-2025-11927 Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4CVSS0.00027EPSS

CVE•added 2025/11/01 4:27 a.m.•6 views

CVE-2025-11927

CVE-2025-11927 – Flying Images plugin (WordPress) is affected in versions up to 2.4.14. The vulnerability is an authenticated (Admin+) Stored Cross-Site Scripting flaw in admin settings caused by insufficient input sanitization and output escaping. Successful exploitation enables an attacker with...

4.4CVSS4.6AI score0.00027EPSS

NVD•added 2025/11/01 4:16 a.m.•2 views

CVE-2025-11928

4.4CVSS0.00021EPSS

CVE•added 2025/11/01 3:34 a.m.•13 views

CVE-2025-11928

CVE-2025-11928 refers to a stored cross-site scripting flaw in the WordPress plugin “CSS & JavaScript Toolbox” (versions