CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8962 matches found

Positive Technologies•added 2025/12/05 12:0 a.m.•3 views

PT-2025-49237

The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...

6.4CVSS5AI score0.00235EPSS

Exploits0References4

Positive Technologies•added 2025/12/05 12:0 a.m.•4 views

PT-2025-49210

The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sermon-views shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...

6.4CVSS5AI score0.00187EPSS

Exploits0References4

Patchstack•added 2025/12/04 11:26 p.m.•4 views

WordPress Thai Lottery Widget plugin <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Thai Lottery Widget versions = 2.5...

6.4CVSS5.5AI score0.00235EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/12/04 3:17 a.m.•7 views

CVE-2025-13448

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/12/03 2:2 p.m.•3 views

CVE-2025-13731

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00193EPSS

Exploits0References1

Vulnrichment•added 2025/12/03 2:25 a.m.•2 views

CVE-2025-13448 CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute

6.4CVSS4.7AI score0.00193EPSS

Exploits0References4

EUVD•added 2025/12/02 3:30 p.m.•3 views

EUVD-2025-200241

6.4CVSS4.5AI score0.00193EPSS

Exploits0References5

CVE•added 2025/12/02 1:53 p.m.•11 views

CVE-2025-13731

CVE-2025-13731 impacts the Nexter Extension – Site Enhancements Toolkit for WordPress. The issue is a Stored Cross-Site Scripting vulnerability in the nxt-year shortcode caused by insufficient input sanitization and output escaping, affecting versions up to 4.4.1. Exploitation requires authentica...

6.4CVSS4.7AI score0.00193EPSS

Exploits0References4

Vulnrichment•added 2025/12/02 1:53 p.m.•2 views

CVE-2025-13731 Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.6AI score0.00193EPSS

Exploits0References4

Cvelist•added 2025/12/02 1:53 p.m.•7 views

CVE-2025-13731 Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00193EPSS

Exploits0References4

Positive Technologies•added 2025/12/02 12:0 a.m.•3 views

PT-2025-48686

6.4CVSS4.9AI score0.00193EPSS

Exploits0References5

RedhatCVE•added 2025/11/28 2:54 a.m.•9 views

CVE-2025-12666

The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.2AI score0.00185EPSS

Exploits0References1

RedhatCVE•added 2025/11/28 2:54 a.m.•4 views

CVE-2025-12670

The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'twitpic' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.1AI score0.00181EPSS

Exploits0References1

RedhatCVE•added 2025/11/28 2:54 a.m.•8 views

CVE-2025-12713

The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.00188EPSS

Exploits0References1

RedhatCVE•added 2025/11/28 2:54 a.m.•9 views

CVE-2025-12712

The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00181EPSS

Exploits0References1

RedhatCVE•added 2025/11/28 2:54 a.m.•6 views

CVE-2025-12649

The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the sorttablepost shortcode in all versions up to, and including, 4.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...

6.4CVSS5AI score0.00152EPSS

Exploits0References1

EUVD•added 2025/11/27 3:30 a.m.•5 views

EUVD-2025-199786

6.4CVSS4.7AI score0.00152EPSS

Exploits0References3

EUVD•added 2025/11/27 3:30 a.m.•4 views

EUVD-2025-199784

6.4CVSS4.7AI score0.00188EPSS

Exploits0References6

EUVD•added 2025/11/27 3:30 a.m.•4 views

EUVD-2025-199785