CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/22 8:27 a.m.•3 views

EUVD-2025-35342

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

EUVD•added 2025/10/22 8:27 a.m.•2 views

EUVD-2025-35330

The WP Restaurant Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter of the restaurantsummary shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE•added 2025/10/22 8:27 a.m.•16 views

CVE-2025-11866

The CVE-2025-11866 entry concerns the WordPress Photographers galleries plugin (versions

Cvelist•added 2025/10/22 8:27 a.m.•6 views

CVE-2025-11830 WP Restaurant Listings <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00176EPSS

Vulnrichment•added 2025/10/22 8:27 a.m.•4 views

CVE-2025-11866 Photographers galleries <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE•added 2025/10/22 8:27 a.m.•12 views

CVE-2025-11830

CVE-2025-11830 affects the WordPress plugin WP Restaurant Listings (all versions

6.4CVSS4.8AI score0.00176EPSS

CVE•added 2025/10/22 8:27 a.m.•15 views

CVE-2025-11813

CVE-2025-11813 — WordPress Responsive iframe GoogleMap plugin is vulnerable to stored cross-site scripting via the shortcode responsive_map in versions ≤ 1.0.2. The issue stems from insufficient input sanitization and output escaping on the width and height attributes, enabling authenticated user...

Cvelist•added 2025/10/22 8:27 a.m.•7 views

CVE-2025-11880 SM CountDown Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00176EPSS

Cvelist•added 2025/10/22 8:27 a.m.•8 views

CVE-2025-11813 Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...

6.4CVSS0.00211EPSS

CVE•added 2025/10/22 8:27 a.m.•17 views

CVE-2025-11880

The CVE-2025-11880 entry applies to the WordPress plugin SM CountDown Widget (shortcode: smcountdown). Affected versions are

6.4CVSS4.9AI score0.00176EPSS

Cvelist•added 2025/10/22 8:27 a.m.•6 views

CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS0.00211EPSS

Vulnrichment•added 2025/10/22 8:27 a.m.•2 views

CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

EUVD•added 2025/10/22 8:27 a.m.•2 views

EUVD-2025-35343

6.4CVSS4.8AI score0.00176EPSS

Vulnrichment•added 2025/10/22 8:27 a.m.•5 views

CVE-2025-11813 Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Vulnrichment•added 2025/10/22 8:27 a.m.•3 views

CVE-2025-11880 SM CountDown Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.9AI score0.00176EPSS

EUVD•added 2025/10/22 8:27 a.m.•4 views

EUVD-2025-35331

The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' attribute. This makes it possible for...

6.4CVSS4.6AI score0.00211EPSS

Exploits0References5

Vulnrichment•added 2025/10/22 8:27 a.m.•2 views

CVE-2025-11810 Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Cvelist•added 2025/10/22 8:27 a.m.•8 views

CVE-2025-11818 WP Responsive Meet The Team <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Responsive Meet The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wprmteam' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00211EPSS

CVE•added 2025/10/22 8:27 a.m.•18 views

CVE-2025-11818

The CVE-2025-11818 entry applies to the WordPress plugin WP Responsive Meet The Team, affected in versions up to 1.0.1. It describes a Stored Cross-Site Scripting (XSS) flaw via the wprm_team shortcode caused by insufficient input sanitization and output escaping. The vulnerability can be exploit...