CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abfvehicle' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS0.00211EPSS

Exploits0References3

NVD•added 2025/10/03 12:15 p.m.•5 views

CVE-2025-9859

The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00184EPSS

Exploits0References2

NVD•added 2025/10/03 12:15 p.m.•23 views

CVE-2025-9875

The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketspot' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS0.0022EPSS

Exploits0References3

NVD•added 2025/10/03 12:15 p.m.•5 views

CVE-2025-9876

The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00221EPSS

Exploits0References2

NVD•added 2025/10/03 12:15 p.m.•3 views

CVE-2025-9199

The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

6.5CVSS0.00254EPSS

Exploits0References2

NVD•added 2025/10/03 12:15 p.m.•3 views

CVE-2025-10192

The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS0.00265EPSS

Exploits0References3

CVE•added 2025/10/03 11:17 a.m.•16 views

CVE-2025-10165

CVE-2025-10165 affects the WordPress plugin AP Background. A stored XSS flaw exists in the adv_parallax_back shortcode due to insufficient input sanitization and output escaping in versions up to 3.8.2, allowing authenticated users with contributor-level access or higher to inject and execute scr...

6.4CVSS4.7AI score0.00211EPSS

Exploits0References3

CVE•added 2025/10/03 11:17 a.m.•15 views

CVE-2025-9129

CVE-2025-9129 describes a Stored Cross-Site Scripting flaw in the WordPress Flexi plugin (up to version 4.28) via the flexi-form-tag shortcode. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-...

6.4CVSS4.7AI score0.0022EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by