CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/09/20 4:27 a.m.•19 views

CVE-2025-10181

CVE-2025-10181 – Draft List (WordPress) stored XSS affects the Draft List plugin for WordPress, versions up to and including 2.6. Root cause: insufficient input sanitization and output escaping on the plugin’s drafts shortcode attributes. Vulnerability requires authenticated access at contributor...

6.4CVSS4.7AI score0.00223EPSS

Cvelist•added 2025/09/20 4:27 a.m.•6 views

CVE-2025-10181 Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00223EPSS

Vulnrichment•added 2025/09/20 4:27 a.m.•2 views

CVE-2025-10181 Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00223EPSS

NVD•added 2025/09/20 2:15 a.m.•3 views

CVE-2025-10652

The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘moduleid’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5CVSS0.00278EPSS

CVE•added 2025/09/20 1:53 a.m.•21 views

CVE-2025-10652

CVE-2025-10652 affects the Robcore Netatmo WordPress plugin up to v1.7. It is an SQL Injection via the module_id attribute in the robcore-netatmo shortcode. The vulnerability allows authenticated attackers with Contributor-level access and above to inject additional SQL into existing queries, pot...

6.5CVSS6.2AI score0.00278EPSS

Cvelist•added 2025/09/20 1:53 a.m.•9 views

CVE-2025-10652 Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode

6.5CVSS0.00278EPSS

Vulnrichment•added 2025/09/20 1:53 a.m.•3 views

CVE-2025-10652 Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode

6.5CVSS6.2AI score0.00278EPSS

Positive Technologies•added 2025/09/20 12:0 a.m.•2 views

PT-2025-38627

Name of the Vulnerable Software and Affected Versions Robcore Netatmo plugin for WordPress versions up to and including 1.7 Description The Robcore Netatmo plugin for WordPress is susceptible to SQL Injection through the module id attribute of the robcore-netatmo shortcode. Insufficient escaping ...

6.5CVSS6.7AI score0.00278EPSS

Exploits0References6

Positive Technologies•added 2025/09/20 12:0 a.m.•3 views

PT-2025-38629

Name of the Vulnerable Software and Affected Versions Draft List plugin for WordPress versions prior to 2.7 Description The Draft List plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s ‘drafts’ shortcode. Insufficient input sanitization and output escaping on...

6.4CVSS5.2AI score0.00223EPSS

Exploits0References8

RedhatCVE•added 2025/09/19 6:25 a.m.•2 views

CVE-2025-9565

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksynewslettersubscribe shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5AI score0.00231EPSS

RedhatCVE•added 2025/09/19 4:19 a.m.•5 views

CVE-2025-10125

The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00254EPSS

RedhatCVE•added 2025/09/19 2:22 a.m.•15 views

CVE-2025-10143

The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catchdarkmode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on t...

7.5CVSS7AI score0.00578EPSS

RedhatCVE•added 2025/09/19 2:22 a.m.•10 views

CVE-2025-8394

The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displayproductivebreadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS4.9AI score0.00223EPSS

RedhatCVE•added 2025/09/19 2:22 a.m.•15 views

CVE-2025-10166

The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00223EPSS

RedhatCVE•added 2025/09/19 2:22 a.m.•18 views

CVE-2025-9851

The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.9AI score0.0018EPSS

NVD•added 2025/09/17 7:15 a.m.•2 views

CVE-2025-9565

6.4CVSS0.00231EPSS

CVE•added 2025/09/17 6:17 a.m.•17 views

CVE-2025-9565

The CVE concerns the WordPress Blocksy Companion plugin. All versions up to 2.1.10 are affected via the blocksy_newsletter_subscribe shortcode due to insufficient input sanitization and output escaping, allowing authenticated users with contributor-level access or higher to inject arbitrary scrip...

6.4CVSS4.7AI score0.00231EPSS

Vulnrichment•added 2025/09/17 6:17 a.m.•1 views

CVE-2025-9565 Blocksy Companion <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode

6.4CVSS4.7AI score0.00231EPSS

NVD•added 2025/09/17 4:15 a.m.•4 views

CVE-2025-10125

6.4CVSS0.00254EPSS