CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/11/21 8:28 a.m.•1 views

EUVD-2025-198385

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS4.6AI score0.00162EPSS

Vulnrichment•added 2025/11/21 8:28 a.m.•3 views

CVE-2025-11808 Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.00162EPSS

CVE•added 2025/11/21 8:28 a.m.•21 views

CVE-2025-11808

CVE-2025-11808 concerns the WordPress plugin “Shortcode for Google Street View” (Shortcode for Google Street View, plugin slug wp-google-street-view-shortcode). The vulnerability is a Stored Cross-Site Scripting (XSS) via the streetview shortcode, in all versions up to and including 0.5.7, caused...

6.4CVSS4.7AI score0.00162EPSS

Cvelist•added 2025/11/21 8:28 a.m.•8 views

CVE-2025-11808 Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Vulnrichment•added 2025/11/21 8:28 a.m.•3 views

CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.8AI score0.00162EPSS

EUVD•added 2025/11/21 8:28 a.m.•3 views

EUVD-2025-198384

6.4CVSS4.7AI score0.00162EPSS

CVE•added 2025/11/21 8:28 a.m.•13 views

CVE-2025-11826

CVE-2025-11826 involves the WP Company Info plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the class attribute of the social-networks shortcode, affecting all versions up to 1.9.0. Exploitation requires authenticated access at contributor level or higher, allow...

6.4CVSS4.8AI score0.00162EPSS

Cvelist•added 2025/11/21 8:28 a.m.•7 views

CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE•added 2025/11/21 8:28 a.m.•20 views

CVE-2025-11803

CVE-2025-11803 affects the WordPress plugin WPSite Shortcode (all versions up to 1.2). It is a stored XSS due to insufficient input sanitization and output escaping in error messages, triggered via the format attribute in the wpsite_y shortcode and the before attribute in the wpsite_postauthor sh...

6.4CVSS4.8AI score0.00201EPSS

EUVD•added 2025/11/21 8:28 a.m.•3 views

EUVD-2025-198388

6.4CVSS4.7AI score0.00201EPSS

Exploits0References5

Vulnrichment•added 2025/11/21 8:28 a.m.•5 views

CVE-2025-11803 WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.8AI score0.00201EPSS

Cvelist•added 2025/11/21 8:28 a.m.•9 views

CVE-2025-11803 WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00201EPSS

Patchstack•added 2025/11/21 8:23 a.m.•5 views

WordPress FluentCRM plugin <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'fluentcrmcontent' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Fluent CRM versions = 2.9.84...

6.4CVSS5.8AI score0.00252EPSS

Exploits0References1Affected Software1

NVD•added 2025/11/21 8:15 a.m.•3 views

CVE-2025-12660

The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00194EPSS

NVD•added 2025/11/21 8:15 a.m.•8 views

CVE-2025-11801

The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' shortcode attribute of the 'audiotube' shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for...

NVD•added 2025/11/21 8:15 a.m.•7 views

CVE-2025-11800

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

NVD•added 2025/11/21 8:15 a.m.•3 views

CVE-2025-11770

The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...

NVD•added 2025/11/21 8:15 a.m.•9 views

CVE-2025-11799

The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'asin' shortcode attribute in the affiaiimg shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00194EPSS

NVD•added 2025/11/21 8:15 a.m.•2 views

CVE-2025-11764

The Shortcodes Bootstrap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' parameter in the notification shortcode in all versions up to, and including, 1.1. This is due to missing input sanitization and output escaping. This makes it possible for authenticated...