8962 matches found

Vulnrichment
added 2025/12/21 2:20 a.m. | 3 views

CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'heading_color' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...

CVSS 4.4 | AI score 4.6 | EPSS 0.00199
Exploits: 0 | References: 4
CVE
added 2025/12/21 2:20 a.m. | 17 views

CVE-2025-13838

WishSuite – Wishlist for WooCommerce has a stored XSS in the button_text attribute of the wishsuite_button shortcode, affecting all versions up to and including 1.5.1. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject scripts that run in pages viewe...

CVSS 6.4 | AI score 4.8 | EPSS 0.00197
Exploits: 0 | References: 4
Cvelist
added 2025/12/21 2:20 a.m. | 12 views

CVE-2025-13838 WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter of the 'wishsuite_button' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00197
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/21 12:0 a.m. | 8 views

PT-2025-52572

Name of the Vulnerable Software and Affected Versions: WishSuite versions up to and including 1.5.1. Description: The WishSuite plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the 'button text' parameter of the...

CVSS 6.4 | AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 9
RedhatCVE
added 2025/12/20 9:15 a.m. | 3 views

CVE-2025-11747

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 4.9 | EPSS 0.00275
Exploits: 0 | References: 1
EUVD
added 2025/12/20 6:30 a.m. | 3 views

EUVD-2025-204628

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.5 | AI score 4.7 | EPSS 0.00171
Exploits: 0 | References: 3
NVD
added 2025/12/20 4:16 a.m. | 4 views

CVE-2025-14721

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.5 | EPSS 0.00171
Exploits: 0 | References: 2
CVE
added 2025/12/20 3:20 a.m. | 17 views

CVE-2025-14721

CVE-2025-14721 affects the WordPress plugin Responsive and Swipe Slider. It exposes a Stored Cross-Site Scripting (XSS) vulnerability via the plugin’s rsSlider shortcode in all versions up to and including 1.0.2, due to insufficient input sanitization and output escaping on user-supplied attribu...

CVSS 5.5 | AI score 4.7 | EPSS 0.00171
Exploits: 0 | References: 2
Cvelist
added 2025/12/20 3:20 a.m. | 18 views

CVE-2025-14721 Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.5 | EPSS 0.00171
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/20 3:20 a.m. | 2 views

CVE-2025-14721 Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.5 | AI score 4.7 | EPSS 0.00171
Exploits: 0 | References: 2
Patchstack
added 2025/12/19 11:5 p.m. | 7 views

WordPress FiboSearch – Ajax Search for WooCommerce plugin <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via thegem_te_search Shortcode vulnerability discovered by zaim in WordPress Plugin FiboSearch versions <= 1.32.0...

CVSS 5.4 | AI score 5.5 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/19 10:3 p.m. | 4 views

WordPress Responsive and Swipe slider plugin <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Bhumividh Treloges in WordPress Plugin RESPONSIVE AND SWIPE SLIDER! versions <= 1.0.2...

CVSS 5.5 | AI score 5.5 | EPSS 0.00171
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/12/19 9:34 a.m. | 6 views

CVE-2025-13730

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openidconnectgenericauthurl' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | AI score 5 | EPSS 0.00197
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/19 8:23 a.m. | 1 view

CVE-2025-11747 Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 4.6 | EPSS 0.00275
Exploits: 0 | References: 3
Cvelist
added 2025/12/19 8:23 a.m. | 26 views

CVE-2025-11747 Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00275
Exploits: 0 | References: 3
Cvelist
added 2025/12/19 6:48 a.m. | 26 views

CVE-2025-14449 BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode

The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, 1.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00155
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/19 12:0 a.m. | 2 views

PT-2025-52435

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri blog posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 4.9 | EPSS 0.00275
Exploits: 0 | References: 4
Patchstack
added 2025/12/18 10:17 p.m. | 2 views

WordPress Colibri Page Builder plugin <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Colibri Page Builder versions <= 1.0.345...

CVSS 6.4 | AI score 5.3 | EPSS 0.00275
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/18 10:16 p.m. | 6 views

WordPress BA Book Everything plugin <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BA Book Everything versions <= 1.8.14...

CVSS 6.4 | AI score 5.6 | EPSS 0.00155
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/12/18 10:16 a.m. | 4 views

CVE-2025-13730

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openidconnectgenericauthurl' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 | EPSS 0.00197
Exploits: 0 | References: 4