CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

RedhatCVE•added 2025/10/12 10:5 a.m.•1 views

CVE-2025-10190

The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00032EPSS

Exploits0References1

EUVD•added 2025/10/11 12:30 p.m.•1 views

EUVD-2025-33849

6.4CVSS4.7AI score0.00032EPSS

Exploits0References4

NVD•added 2025/10/11 10:15 a.m.•1 views

CVE-2025-10190

6.4CVSS0.00032EPSS

Exploits0References3

Cvelist•added 2025/10/11 9:28 a.m.•4 views

CVE-2025-10190 WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00032EPSS

Exploits0References3

Vulnrichment•added 2025/10/11 9:28 a.m.•1 views

CVE-2025-10190 WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00032EPSS

Exploits0References3

CVE•added 2025/10/11 9:28 a.m.•8 views

CVE-2025-10190

WP Easy Toggles for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s toggles shortcode in versions up to and including 1.9.0. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated users with contributor-lev...

6.4CVSS4.7AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2025/10/11 12:0 a.m.•2 views

PT-2025-41665

Name of the Vulnerable Software and Affected Versions WP Easy Toggles versions prior to 1.9.1 Description The WP Easy Toggles plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'toggles' shortcode. This is due to inadequate input sanitization and output escaping of...

6.4CVSS5.4AI score0.00032EPSS

Exploits0References8

Patchstack•added 2025/09/05 10:27 a.m.•3 views

WordPress Toggles Shortcode and Widget plugin <= 1.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Toggles Shortcode and Widget versions = 1.14...

7.1CVSS6.1AI score0.00089EPSS

Exploits0Affected Software1

Patchstack•added 2025/01/07 7:17 a.m.•3 views

WordPress Toggles Shortcode and Widget plugin <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Yamil in WordPress Plugin Toggles Shortcode and Widget versions = 1.14...

4.4CVSS5.8AI score0.00398EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/01/07 4:22 a.m.•6 views

CVE-2024-12207 Toggles Shortcode and Widget <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00398EPSS

Exploits0References2

CNNVD•added 2025/01/07 12:0 a.m.•2 views

WordPress plugin Toggles Shortcode and Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

4.4CVSS7.6AI score0.00398EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by