8976 matches found
CVE-2025-10128
CVE-2025-10128 — Eulerpool Research Systems WordPress Plugin is affected by a stored cross-site scripting vulnerability in the plugin’s aaq shortcode. Reported across multiple sources, it affects all versions up to and including 4.0.1. The root cause is insufficient input sanitization and output ...
CVE-2025-10128 Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10189
CVE-2025-10189: WordPress BP Direct Menus plugin (versions
CVE-2025-10189 BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdmlogin' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10168 Any News Ticker <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Any News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'any-ticker' shortcode in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-10182 dbview <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The dbview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dbview' shortcode in all versions up to, and including, 0.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2025-10182
CVE-2025-10182: WordPress dbview plugin variants up to 0.5.5 exposed a Stored Cross-Site Scripting vulnerability in the dbview shortcode due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject scripts that run when use...
CVE-2025-10191
CVE-2025-10191 concerns the WordPress plugin Big Post Shipping for WooCommerce. The vulnerability is a Stored Cross-Site Scripting (XSS) in the shortcode wooboigpost_shipping_status. Affected versions are up to 2.1.1 (Wordfence listing confirms patching in 2.1.2). The issue stems from insufficie...
CVE-2025-10191 Big Post Shipping for WooCommerce <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Big Post Shipping for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wooboigpostshippingstatus' shortcode in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8623 WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode
The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's weedmapsmenu shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8623
CVE-2025-8623: The WeedMaps Menu for WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s weedmaps_menu shortcode in versions
CVE-2025-9852
CVE-2025-9852: Yoga Schedule Momoyoga WordPress plugin versions
CVE-2025-9852 Yoga Schedule Momoyoga <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2025-10131 All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10130
CVE-2025-10130 concerns the WordPress Layers plugin (vulnerable versions:
CVE-2025-10130 Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...