CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/10/03 11:17 a.m.•15 views

CVE-2025-9198

CVE-2025-9198 concerns the WordPress plugin “Wp cycle text announcement” (versions up to and including 8.1). The vulnerability is a SQL Injection via the cycle-text shortcode caused by insufficient escaping of user-supplied parameters and inadequate preparation of the existing SQL query. Exploita...

6.5CVSS6.2AI score0.00312EPSS

Exploits0References2

Cvelist•added 2025/10/03 11:17 a.m.•8 views

CVE-2025-9198 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection

The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00312EPSS

Exploits0References2

Vulnrichment•added 2025/10/03 11:17 a.m.•3 views

CVE-2025-9875 Event Tickets, RSVPs, Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.0022EPSS

Exploits0References3

CVE•added 2025/10/03 11:17 a.m.•16 views

CVE-2025-9130

CVE-2025-9130 refers to the WordPress Unify plugin vulnerable to Stored XSS via the unify_checkout shortcode in versions up to and including 3.4.7. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contribu...

6.4CVSS4.7AI score0.00276EPSS

Cvelist•added 2025/10/03 11:17 a.m.•9 views

CVE-2025-9130 Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode

The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unifycheckout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00276EPSS

Vulnrichment•added 2025/10/03 11:17 a.m.•3 views

CVE-2025-9130 Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode

6.4CVSS4.7AI score0.00276EPSS

CNNVD•added 2025/10/03 12:0 a.m.•4 views

WordPress plugin Fintelligence Calculator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Fintelligence Calculator plugin, which stems from a lack of valid filtering and escaping of the...

6.4CVSS6AI score0.00184EPSS

Exploits0References2

Positive Technologies•added 2025/10/03 12:0 a.m.•2 views

PT-2025-40468

Name of the Vulnerable Software and Affected Versions WP Photo Effects plugin for WordPress versions prior to 1.2.5 Description The WP Photo Effects plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wppe effect' shortcode. This is due to inadequate input sanitization...

6.4CVSS5.4AI score0.00265EPSS

Positive Technologies•added 2025/10/03 12:0 a.m.•3 views

PT-2025-40503

Name of the Vulnerable Software and Affected Versions Ird Slider versions prior to 1.0.3 Description The Ird Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s irdslider shortcode. Insufficient input sanitization and output escaping on user-supplied...

6.4CVSS5.2AI score0.00221EPSS

Positive Technologies•added 2025/10/03 12:0 a.m.•2 views

PT-2025-40486

Name of the Vulnerable Software and Affected Versions Wp cycle text announcement plugin for WordPress versions through 8.1 Description The Wp cycle text announcement plugin for WordPress is susceptible to SQL Injection through the 'cycle-text' shortcode. Insufficient escaping of user-supplied...

6.5CVSS6.9AI score0.00312EPSS

Positive Technologies•added 2025/10/03 12:0 a.m.•5 views

PT-2025-40501

Name of the Vulnerable Software and Affected Versions Fintelligence Calculator plugin for WordPress versions up to and including 1.0.3 Description The Fintelligence Calculator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'fintelligence-calculator' shortcode. This...

6.4CVSS5.2AI score0.00184EPSS

Positive Technologies•added 2025/10/03 12:0 a.m.•5 views

PT-2025-40502

Name of the Vulnerable Software and Affected Versions Event Tickets, RSVPs, Calendar versions up to and including 1.0.2 Description The Event Tickets, RSVPs, Calendar plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ticket spot' shortcode. This is due to inadequate...

6.4CVSS5.2AI score0.0022EPSS

Positive Technologies•added 2025/10/03 12:0 a.m.•4 views

PT-2025-40500

Name of the Vulnerable Software and Affected Versions Auto Bulb Finder for WordPress plugin versions prior to 2.8.1 Description The Auto Bulb Finder for WordPress plugin is susceptible to Stored Cross-Site Scripting through the 'abf vehicle' shortcode. Insufficient input sanitization and output...

6.4CVSS5.3AI score0.00211EPSS

RedhatCVE•added 2025/10/01 5:26 a.m.•5 views

CVE-2025-6941

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'latepointresources' shortcode in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escapin...

6.4CVSS5AI score0.00226EPSS

RedhatCVE•added 2025/10/01 4:23 a.m.•8 views

CVE-2025-10179

The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'myaskai' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS5AI score0.00183EPSS

RedhatCVE•added 2025/10/01 4:23 a.m.•10 views

CVE-2025-10182

The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dbview' shortcode in all versions up to, and including, 0.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.00214EPSS

RedhatCVE•added 2025/10/01 4:23 a.m.•6 views

CVE-2025-10131

The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00176EPSS

RedhatCVE•added 2025/10/01 4:23 a.m.•8 views

CVE-2025-10128

The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00176EPSS

RedhatCVE•added 2025/10/01 4:23 a.m.•9 views

CVE-2025-10196

The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'surveyanyplaceembed' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00211EPSS