CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/10/15 9:15 a.m.•12 views

CVE-2025-10132

The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00214EPSS

Cvelist•added 2025/10/15 8:26 a.m.•6 views

CVE-2025-10682 TARIFFUXX <= 1.4 - Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode

The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to insufficient neutralization of user-supplied input used directly in SQL queries. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

6.5CVSS0.0028EPSS

EUVD•added 2025/10/15 8:26 a.m.•2 views

EUVD-2025-34535

6.5CVSS6AI score0.0028EPSS

CVE•added 2025/10/15 8:26 a.m.•20 views

CVE-2025-10682

CVE-2025-10682 affects the TARIFFUXX WordPress plugin (versions

6.5CVSS6.1AI score0.0028EPSS

CVE•added 2025/10/15 8:26 a.m.•17 views

CVE-2025-10141

The CVE CVE-2025-10141 affects the WordPress Digiseller plugin (up to version 1.3.0) via the ds shortcode. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling Stored XSS. Impact: authenticated attackers (contributor+ level) can inject scripts that...

6.4CVSS6.1AI score0.00274EPSS

CVE•added 2025/10/15 8:26 a.m.•15 views

CVE-2025-10194

CVE-2025-10194 concerns the WordPress plugin Shortcode Button (

Cvelist•added 2025/10/15 8:26 a.m.•6 views

CVE-2025-10194 Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00265EPSS

Cvelist•added 2025/10/15 8:26 a.m.•8 views

CVE-2025-10141 Digiseller <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00274EPSS

EUVD•added 2025/10/15 8:26 a.m.•2 views

EUVD-2025-34538

The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS4.7AI score0.00274EPSS

EUVD•added 2025/10/15 8:26 a.m.•2 views

EUVD-2025-34536

Vulnrichment•added 2025/10/15 8:26 a.m.•1 views

CVE-2025-10194 Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Vulnrichment•added 2025/10/15 8:26 a.m.•1 views

CVE-2025-10141 Digiseller <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS6AI score0.00274EPSS

Vulnrichment•added 2025/10/15 8:25 a.m.•1 views

CVE-2025-10140 Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD•added 2025/10/15 8:25 a.m.•3 views

EUVD-2025-34546

Cvelist•added 2025/10/15 8:25 a.m.•8 views

CVE-2025-11365 WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection

The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5CVSS0.00252EPSS

CVE•added 2025/10/15 8:25 a.m.•14 views

CVE-2025-11365

CVE-2025-11365 : The WP Google Map Plugin for WordPress (

6.5CVSS6.2AI score0.00252EPSS

CVE•added 2025/10/15 8:25 a.m.•17 views

CVE-2025-10135

CVE-2025-10135 (WP ViewSTL <= 1.0) stores cross-site scripting via the WordPress plugin’s viewstl shortcode. Authenticated attackers with contributor-level access or higher can inject scripts that execute for page visitors who load the injected page. The issue arises from insufficient input sa...

6.4CVSS4.7AI score0.00214EPSS

Cvelist•added 2025/10/15 8:25 a.m.•9 views

CVE-2025-10135 WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS0.00214EPSS

Vulnrichment•added 2025/10/15 8:25 a.m.•4 views

CVE-2025-10135 WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00214EPSS