CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/09/30 3:35 a.m.•3 views

CVE-2025-8623 WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode

The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's weedmapsmenu shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00211EPSS

CVE•added 2025/09/30 3:35 a.m.•17 views

CVE-2025-9852

CVE-2025-9852 : Yoga Schedule Momoyoga WordPress plugin versions

6.4CVSS4.7AI score0.00219EPSS

Cvelist•added 2025/09/30 3:35 a.m.•12 views

CVE-2025-9852 Yoga Schedule Momoyoga <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS0.00219EPSS

Vulnrichment•added 2025/09/30 3:35 a.m.•2 views

CVE-2025-10131 All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00176EPSS

CVE•added 2025/09/30 3:35 a.m.•19 views

CVE-2025-10130

CVE-2025-10130 concerns the WordPress Layers plugin (vulnerable versions:

6.4CVSS4.7AI score0.00218EPSS

Vulnrichment•added 2025/09/30 3:35 a.m.•2 views

CVE-2025-10130 Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

6.4CVSS4.7AI score0.00218EPSS

Cvelist•added 2025/09/30 3:35 a.m.•6 views

CVE-2025-10130 Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00218EPSS

Vulnrichment•added 2025/09/30 3:35 a.m.•4 views

CVE-2025-10179 My AskAI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'myaskai' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS4.7AI score0.00183EPSS

Cvelist•added 2025/09/30 3:35 a.m.•7 views

CVE-2025-10179 My AskAI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00183EPSS

Positive Technologies•added 2025/09/30 12:0 a.m.•4 views

PT-2025-39934

Name of the Vulnerable Software and Affected Versions dbview plugin for WordPress versions prior to 0.5.6 Description The dbview plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'dbview' shortcode. Insufficient input sanitization and output escaping on user-supplied...

6.4CVSS5.3AI score0.00214EPSS

Positive Technologies•added 2025/09/30 12:0 a.m.•2 views

PT-2025-39929

Name of the Vulnerable Software and Affected Versions Eulerpool Research Systems plugin for WordPress versions through 4.0.1 Description The software contains a flaw due to inadequate input sanitization and output escaping on user-supplied attributes within the 'aaq' shortcode. This allows...

6.4CVSS6.5AI score0.00176EPSS

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-39948

Name of the Vulnerable Software and Affected Versions Yoga Schedule Momoyoga plugin for WordPress versions prior to 2.9.1 Description The Yoga Schedule Momoyoga plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'momoyoga-schedule' shortcode. Insufficient input...

6.4CVSS5.3AI score0.00219EPSS

CNNVD•added 2025/09/30 12:0 a.m.•1 views

WordPress plugin Eulerpool Research Systems 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...

6.4CVSS6AI score0.00176EPSS

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-39933

Name of the Vulnerable Software and Affected Versions My AskAI plugin for WordPress versions prior to 1.0.1 Description The My AskAI plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'myaskai' shortcode. This is caused by inadequate input sanitization and output...

6.4CVSS5.4AI score0.00183EPSS

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-39936

Name of the Vulnerable Software and Affected Versions The Big Post Shipping for WooCommerce plugin versions prior to 2.1.2 Description The software is susceptible to Stored Cross-Site Scripting through the 'wooboigpost shipping status' shortcode. Insufficient input sanitization and output escapin...

6.4CVSS5.5AI score0.00226EPSS

Exploits0References6

Positive Technologies•added 2025/09/30 12:0 a.m.•4 views

PT-2025-39935

Name of the Vulnerable Software and Affected Versions BP Direct Menus plugin for WordPress versions prior to 1.0.1 Description The BP Direct Menus plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'bpdm login' shortcode. Insufficient input sanitization and output...

6.4CVSS5.3AI score0.00176EPSS