CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/10/23 9:13 a.m.•17 views

CVE-2025-11810

The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' attribute. This makes it possible for...

6.4CVSS5AI score0.00211EPSS

EUVD•added 2025/10/22 3:31 p.m.•5 views

EUVD-2025-35516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through = 1.1...

5.9AI score0.00283EPSS

NVD•added 2025/10/22 3:15 p.m.•3 views

CVE-2025-49945

7.1CVSS0.00283EPSS

CVE•added 2025/10/22 2:32 p.m.•7 views

CVE-2025-49945

The CVE-2025-49945 entry concerns the WordPress Shortcode Generator plugin (shortcode-generator) with a Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web-page generation. Affected versions are listed as up to 1.1, and the issue is described as Reflected X...

7.1CVSS6AI score0.00283EPSS

Cvelist•added 2025/10/22 2:32 p.m.•8 views

CVE-2025-49945 WordPress Shortcode Generator plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00283EPSS

Vulnrichment•added 2025/10/22 2:32 p.m.•3 views

CVE-2025-49945 WordPress Shortcode Generator plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

7.1CVSS6AI score0.00283EPSS

EUVD•added 2025/10/22 9:30 a.m.•4 views

EUVD-2025-35325

The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00211EPSS

Exploits0References5

NVD•added 2025/10/22 9:15 a.m.•5 views

CVE-2025-11883

The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

NVD•added 2025/10/22 9:15 a.m.•2 views

CVE-2025-11872

The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

NVD•added 2025/10/22 9:15 a.m.•1 views

CVE-2025-11880

The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

NVD•added 2025/10/22 9:15 a.m.•3 views

CVE-2025-11870

NVD•added 2025/10/22 9:15 a.m.•4 views

CVE-2025-11867

The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...

NVD•added 2025/10/22 9:15 a.m.•3 views

CVE-2025-11878

The ST Categories Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's st-categories shortcode in versions less than, or equal to, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

NVD•added 2025/10/22 9:15 a.m.•4 views

CVE-2025-11827

The Oboxmedia Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforewidget' and 'afterwidget' parameters of the oboxads-ad-widget shortcode in all versions up to, and including, 1.9.8. This is due to insufficient input sanitization and output escaping. This makes it...

NVD•added 2025/10/22 9:15 a.m.•4 views

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

NVD•added 2025/10/22 9:15 a.m.•6 views

CVE-2025-11819

NVD•added 2025/10/22 9:15 a.m.•5 views

CVE-2025-11813

The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...

NVD•added 2025/10/22 9:15 a.m.•1 views

CVE-2025-11811

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

NVD•added 2025/10/22 9:15 a.m.•3 views

CVE-2025-11817

The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableau' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...