Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8962 matches found

CNVD
CNVDadded 2025/11/21 12:0 a.m.2 views

WordPress Code Snippets plugin code injection vulnerability

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

8CVSS7.7AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.2 views

PT-2025-47684

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.6 views

PT-2025-47704

The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsite y shortcode and the 'before' attribute in the wpsite postauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input...

6.4CVSS5.1AI score0.00201EPSS
Exploits0References5
CNNVD
CNNVDadded 2025/11/21 12:0 a.m.2 views

WordPress plugin BrightTALK WordPress Shortcode 跨站脚本漏洞

The WordPress BrightTALK Shortcode plugin is a plugin for WordPress designed to integrate BrightTALK's webinar functionality through shortcodes. The WordPress BrightTALK Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filterin...

6.4CVSS6AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.3 views

PT-2025-47683

The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'asin' shortcode attribute in the affiai img shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00194EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.4 views

PT-2025-47685

The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' shortcode attribute of the 'audiotube' shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/11/21 12:0 a.m.2 views

WordPress plugin WPSite Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

6.4CVSS5.8AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.5 views

PT-2025-47705

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS5AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.4 views

PT-2025-47680

The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.1AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.4 views

PT-2025-47694

The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.1AI score0.00194EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/11/21 12:0 a.m.2 views

PT-2025-47675

The Display Pages Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column count' parameter in the display-pages shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.1AI score0.00194EPSS
Exploits0References4
CNNVD
CNNVDadded 2025/11/21 12:0 a.m.4 views

WordPress plugin Tips Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00162EPSS
Exploits0References3
Patchstack
Patchstackadded 2025/11/20 11:27 p.m.10 views

WordPress Shortcode for Google Street View plugin <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Shortcode for Google Street View versions = 0.5.7...

6.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/11/20 11:25 p.m.5 views

WordPress WP Company Info plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Company Info versions = 1.9.0...

6.4CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/11/20 11:13 p.m.5 views

WordPress WPSite Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WPSite Shortcode versions = 1.2...

6.4CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/11/20 10:57 p.m.3 views

WordPress Display Pages Shortcode plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Display Pages Shortcode versions = 1.1...

6.4CVSS5.7AI score0.00194EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/11/20 10:37 p.m.6 views

WordPress BrightTALK WordPress Shortcode plugin <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin BrightTALK WordPress Shortcode versions = 2.4.0...

6.4CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/11/20 10:35 p.m.4 views

WordPress Surbma | MiniCRM Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Surbma | MiniCRM Shortcode versions = 2.0...

6.4CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/11/20 10:24 p.m.4 views

WordPress Pollcaster Shortcode Plugin plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Pollcaster Shortcode Plugin versions = 1.0...

6.4CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2025/11/20 9:37 p.m.7 views

CVE-2025-12878

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

6.4CVSS5AI score0.00209EPSS
Exploits0References1
Rows per page
Query Builder