Lucene search
K

1414 matches found

Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.5 views

PT-2025-47252

Name of the Vulnerable Software and Affected Versions everviz plugin for WordPress versions up to and including 1.1 Description The everviz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the everviz shortcode attributes. The issue arises from insufficient sanitization ...

6.4CVSS5.2AI score0.00162EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/11 6:30 a.m.4 views

EUVD-2025-60921

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS4.6AI score0.00161EPSS
Exploits0References3
CVE
CVE
added 2025/11/11 3:30 a.m.18 views

CVE-2025-12651

CVE-2025-12651 describes a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Live Photos on WordPress . The flaw arises from insufficient input sanitization and output escaping for user-supplied attributes in the shortcode livephotos_photo, specifically the parameters video_...

6.4CVSS4.7AI score0.00161EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/06 12:6 p.m.16 views

CVE-2025-11745

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2025/11/05 11:24 a.m.17 views

CVE-2025-11745

CVE-2025-11745 affects the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads (versions up to and including 2.8.7). The vulnerability is a Stored Cross‑Site Scripting flaw in which user‑supplied attributes in the adinserter shortcode are insufficiently sanitized/escaped, allowing authenticat...

6.4CVSS4.7AI score0.00193EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/04 4:46 a.m.5 views

WordPress TablePress plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Rafshanzani Suhada in WordPress Plugin TablePress versions = 3.2.4...

6.4CVSS5.8AI score0.00161EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/11/04 2:26 a.m.21 views

CVE-2025-12324

CVE-2025-12324 affects the WordPress plugin TablePress (versions up to 3.2.3). The vulnerability is a Stored Cross-Site Scripting via table shortcode attributes caused by insufficient input sanitization and output escaping. Exploitation requires at least contributor-level access; an attacker can ...

6.4CVSS4.7AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/04 2:26 a.m.6 views

CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/04 2:26 a.m.8 views

CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS4.7AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.7 views

PT-2025-44915

Name of the Vulnerable Software and Affected Versions TablePress versions up to and including 3.2.3 Description The TablePress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the table shortcode attributes. Insufficient input sanitization and output escaping on...

6.4CVSS5.2AI score0.00161EPSS
Exploits0References5
NVD
NVD
added 2025/11/01 8:15 a.m.22 views

CVE-2025-6988

The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2025/11/01 7:30 a.m.19 views

CVE-2025-6988

CVE-2025-6988 affects the WordPress KALLYAS theme. The vulnerability is a stored cross-site scripting (XSS) in the KALLYAS theme via several shortcodes, exploitable on versions

6.4CVSS4.8AI score0.00176EPSS
Exploits0References2
NVD
NVD
added 2025/10/25 6:15 a.m.5 views

CVE-2025-10737

The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/23 9:13 a.m.18 views

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

6.4CVSS5.1AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 9:15 a.m.5 views

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

6.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 8:27 a.m.17 views

CVE-2025-11870

CVE-2025-11870: The Simple Business Data WordPress plugin (simple-business-data) is vulnerable to stored XSS in all versions up to 1.0.1 via the simple_business_data shortcode attributes, where unsanitized input is embedded into the class attribute of rendered HTML. Exploitation requires contribu...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 8:27 a.m.16 views

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/22 8:27 a.m.4 views

CVE-2025-11866 Photographers galleries <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 8:27 a.m.18 views

CVE-2025-11866

The CVE-2025-11866 entry concerns the WordPress Photographers galleries plugin (versions

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/22 8:27 a.m.4 views

EUVD-2025-35342

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References3
Rows per page
Query Builder