CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2025/07/04 9:15 a.m.•0 views

CVE-2025-30943

6.5CVSS5.9AI score0.00156EPSS

NVD•added 2025/07/04 9:15 a.m.•8 views

CVE-2025-30943

6.5CVSS0.00156EPSS

Cvelist•added 2025/07/04 8:42 a.m.•18 views

CVE-2025-30943 WordPress Posts Slider Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00156EPSS

CVE•added 2025/07/04 8:42 a.m.•20 views

CVE-2025-30943

CVE-2025-30943 concerns WordPress plugin Posts Slider Shortcode . The vulnerability is due to improper neutralization of input during web page generation, enabling DOM-based XSS . Affected software is the Posts Slider Shortcode plugin for WordPress, versions up to 1.0 (likely inclusive). The CVE ...

6.5CVSS5.9AI score0.00156EPSS

OSV•added 2025/07/04 3:15 a.m.•2 views

CVE-2025-6787

The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocssearch' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4CVSS6AI score0.0021EPSS

OSV•added 2025/07/04 3:15 a.m.•3 views

CVE-2025-6739

The WPQuiz plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'wpquiz' shortcode in all versions up to, and including, 0.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.8AI score0.00277EPSS

CNNVD•added 2025/07/04 12:0 a.m.•5 views

WordPress plugin Posts Slider Shortcode Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS5.7AI score0.00156EPSS

Positive Technologies•added 2025/07/04 12:0 a.m.•7 views

PT-2025-27886 · Unknown · Aakif Kadiwala Posts Slider Shortcode

Name of the Vulnerable Software and Affected Versions: Aakif Kadiwala Posts Slider Shortcode versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This means that an attacker...

6.5CVSS5.4AI score0.00156EPSS

OSV•added 2025/07/02 4:16 a.m.•3 views

CVE-2025-6687

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6AI score0.00206EPSS

OSV•added 2025/07/02 4:16 a.m.•3 views

CVE-2025-6686

5.4CVSS5.9AI score0.00198EPSS

OSV•added 2025/07/01 10:15 a.m.•5 views

CVE-2025-6756

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6AI score0.00204EPSS

Exploits0References4

RedhatCVE•added 2025/07/01 5:14 a.m.•7 views

CVE-2025-6462

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS6.2AI score0.00198EPSS

NVD•added 2025/06/29 5:15 a.m.•5 views

CVE-2025-6462

6.4CVSS0.00198EPSS

OSV•added 2025/06/29 5:15 a.m.•2 views

CVE-2025-6462

5.4CVSS6AI score0.00198EPSS

Cvelist•added 2025/06/29 4:23 a.m.•8 views

CVE-2025-6462 EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode

6.4CVSS0.00198EPSS

Vulnrichment•added 2025/06/29 4:23 a.m.•4 views

CVE-2025-6462 EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode

6.4CVSS6.6AI score0.00198EPSS

CNNVD•added 2025/06/29 12:0 a.m.•1 views

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS6.2AI score0.00198EPSS

Exploits0References4

OSV•added 2025/06/27 8:15 a.m.•2 views

CVE-2025-6689

The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

5.4CVSS6AI score0.00165EPSS

CNNVD•added 2025/06/27 12:0 a.m.•2 views

WordPress plugin Podcast Feed Player Widget and Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.5CVSS5.7AI score0.00192EPSS