Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8978 matches found

CNVD
CNVDadded 2025/09/12 12:0 a.m.3 views

WordPress Evenium plugin cross-site scripting vulnerability

The Evenium plugin is an event management tool for the WordPress platform for creating and integrating Evenium meeting management features. Evenium plugin version 1.3.11 and prior versions suffer from a stored XSS vulnerability that stems from insufficient filtering of shortcode user input...

6.4CVSS6.5AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/09/12 12:0 a.m.5 views

PT-2025-37282

Name of the Vulnerable Software and Affected Versions: Spotify Embed Creator plugin for WordPress versions up to and including 1.0.5 Description: The Spotify Embed Creator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s spotify shortcode. Insufficient input...

6.4CVSS5AI score0.0018EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2025/09/12 12:0 a.m.7 views

PT-2025-37281

Name of the Vulnerable Software and Affected Versions: Embed Google Datastudio plugin for WordPress versions prior to 1.0.1 Description: The Embed Google Datastudio plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s egds shortcode. Insufficient input...

6.4CVSS5.1AI score0.0018EPSS
Exploits0References5
NVD
NVDadded 2025/09/11 8:15 a.m.5 views

CVE-2025-9860

The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS0.0018EPSS
Exploits0References2
NVD
NVDadded 2025/09/11 8:15 a.m.19 views

CVE-2025-8686

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0028EPSS
Exploits0References4
NVD
NVDadded 2025/09/11 8:15 a.m.9 views

CVE-2025-8721

The Workable Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's workablejobs shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00271EPSS
Exploits0References3
NVD
NVDadded 2025/09/11 8:15 a.m.18 views

CVE-2025-8398

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00216EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/09/11 7:25 a.m.6 views

CVE-2025-8398 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00216EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/09/11 7:25 a.m.1 views

CVE-2025-8398 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/09/11 7:25 a.m.25 views

CVE-2025-9855 Enhanced BibliPlug <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting

The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplugauthors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/09/11 7:25 a.m.1 views

CVE-2025-9855 Enhanced BibliPlug <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting

The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplugauthors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/11 7:24 a.m.7 views

CVE-2025-9860 Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/09/11 7:24 a.m.3 views

CVE-2025-9860 Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
CVE
CVEadded 2025/09/11 7:24 a.m.20 views

CVE-2025-9860

The WordPress Mixtape plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the mixtape shortcode in all versions up to 1.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contributor-level access or...

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
CVE
CVEadded 2025/09/11 7:24 a.m.19 views

CVE-2025-9874

CVE-2025-9874 : The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...

7.5CVSS6.8AI score0.00545EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/09/11 7:24 a.m.10 views

CVE-2025-9850 Evenium <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Evenium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveniumsingleevent' shortcode in all versions up to, and including, 1.3.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS0.0018EPSS
Exploits0References2
CVE
CVEadded 2025/09/11 7:24 a.m.22 views

CVE-2025-9850

The Evenium WordPress plugin (versions

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/11 7:24 a.m.8 views

CVE-2025-9861 ThemeLoom Widgets <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'losshowposts' shortcode in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0018EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/11 7:24 a.m.11 views

CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0028EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/09/11 7:24 a.m.1 views

CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.0028EPSS
Exploits0References4
Rows per page
Query Builder