CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

233 matches found

Patchstack•added 2025/12/06 1:25 a.m.•4 views

WordPress Cute News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by ChamlaVic in WordPress Plugin Cute News Ticker versions = 1.0...

6.4CVSS5.5AI score0.00197EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/22 8:35 a.m.•7 views

CVE-2025-11800

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00162EPSS

Exploits0References1

CVE•added 2025/11/21 8:28 a.m.•13 views

CVE-2025-11826

CVE-2025-11826 involves the WP Company Info plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the class attribute of the social-networks shortcode, affecting all versions up to 1.9.0. Exploitation requires authenticated access at contributor level or higher, allow...

6.4CVSS4.8AI score0.00162EPSS

Exploits0References2

CNVD•added 2025/11/21 12:0 a.m.•2 views

WordPress Code Snippets plugin code injection vulnerability

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

8CVSS7.7AI score0.0031EPSS

Exploits0References1

RedhatCVE•added 2025/11/05 5:8 a.m.•2 views

CVE-2025-11704

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

7.5CVSS7.1AI score0.00499EPSS

Exploits0References1

NVD•added 2025/11/04 5:15 a.m.•3 views

CVE-2025-11704

7.5CVSS0.00499EPSS

Exploits0References4

NVD•added 2025/10/22 9:15 a.m.•3 views

CVE-2025-11870

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS0.00176EPSS

Exploits0References2

Vulnrichment•added 2025/10/22 8:27 a.m.•3 views

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00176EPSS

Exploits0References2

EUVD•added 2025/10/22 8:27 a.m.•2 views

EUVD-2025-35332

6.4CVSS4.6AI score0.00176EPSS

Exploits0References3

CNVD•added 2025/10/21 12:0 a.m.•2 views

WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...

5.5CVSS6.7AI score0.0024EPSS

Exploits0References1

CNNVD•added 2025/10/15 12:0 a.m.•2 views

WordPress plugin BlindMatrix e-Commerce 安全漏洞

5.5CVSS6.6AI score0.0024EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-52018