CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8980 matches found

Positive Technologies•added 2025/09/17 12:0 a.m.•6 views

PT-2025-38101

Name of the Vulnerable Software and Affected Versions: Productive Style plugin for WordPress versions up to and including 1.1.23 Description: The Productive Style plugin for WordPress is susceptible to Stored Cross-Site Scripting through the display productive breadcrumb shortcode. Insufficient...

6.4CVSS5AI score0.00223EPSS

Exploits0References9

Positive Technologies•added 2025/09/17 12:0 a.m.•6 views

PT-2025-38111

Name of the Vulnerable Software and Affected Versions: Memberlite Shortcodes plugin for WordPress versions prior to 1.5 Description: The Memberlite Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'row' shortcode. Insufficient input sanitization and output...

6.4CVSS5.1AI score0.00254EPSS

Exploits0References8

RedhatCVE•added 2025/09/14 3:25 a.m.•11 views

CVE-2025-9877

The Embed Google Datastudio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'egds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2025/09/14 3:25 a.m.•12 views

CVE-2025-9879

The Spotify Embed Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotify' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2025/09/13 7:25 a.m.•10 views

CVE-2025-9861

The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'losshowposts' shortcode in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2025/09/13 7:25 a.m.•18 views

CVE-2025-9860

The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2025/09/13 7:25 a.m.•10 views

CVE-2025-9855

The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplugauthors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2025/09/13 7:25 a.m.•6 views

CVE-2025-9850

The Evenium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveniumsingleevent' shortcode in all versions up to, and including, 1.3.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2025/09/13 7:25 a.m.•8 views

CVE-2025-8721

The Workable Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's workablejobs shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00271EPSS

Exploits0References1

RedhatCVE•added 2025/09/13 7:25 a.m.•8 views

CVE-2025-8398

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00216EPSS

Exploits0References1

RedhatCVE•added 2025/09/12 7:11 a.m.•2 views

CVE-2025-9857

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS5AI score0.00216EPSS

Exploits0References1

RedhatCVE•added 2025/09/12 7:11 a.m.•2 views

CVE-2025-10126

The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00216EPSS

Exploits0References1

NVD•added 2025/09/12 4:16 a.m.•2 views

CVE-2025-9879

6.4CVSS0.0018EPSS

Exploits0References2

NVD•added 2025/09/12 4:16 a.m.•3 views

CVE-2025-9877

6.4CVSS0.0018EPSS

Exploits0References2

CVE•added 2025/09/12 3:22 a.m.•26 views

CVE-2025-9877

The CVE-2025-9877 entry concerns the WordPress plugin Embed Google Datastudio. It describes a Stored Cross-Site Scripting (XSS) vulnerability in the egds shortcode across all versions up to 1.0.0, caused by insufficient input sanitization and output escaping of user-supplied attributes. The impac...

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

Vulnrichment•added 2025/09/12 3:22 a.m.•3 views

CVE-2025-9877 Embed Google Datastudio <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

Cvelist•added 2025/09/12 3:22 a.m.•13 views

CVE-2025-9877 Embed Google Datastudio <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.0018EPSS

Exploits0References2

CVE•added 2025/09/12 3:22 a.m.•26 views

CVE-2025-9879

CVE-2025-9879 affects the Spotify Embed Creator WordPress plugin (versions

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

Cvelist•added 2025/09/12 3:22 a.m.•10 views

CVE-2025-9879 Spotify Embed Creator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.0018EPSS

Exploits0References2

CNVD•added 2025/09/12 12:0 a.m.•1 views

WordPress Testimonial Plugin SQL Injection Vulnerability

WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...

6.5CVSS8.1AI score0.00258EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by