Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2018 matches found

NVD
NVDadded 2025/11/11 4:15 a.m.3 views

CVE-2025-11129

The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/11/11 3:30 a.m.2 views

CVE-2025-11129 Include fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'api' and 'type'

The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
CVE
CVEadded 2025/11/11 3:30 a.m.16 views

CVE-2025-11129

The WordPress plugin Include Fussball.de Widgets is vulnerable to Stored Cross‑Site Scripting via the api and type parameters in all versions up to 4.0.0. Exploitation requires Contributor‑level access or higher, and the XSS payload would execute when a user visits an injected page. CVE-2025-1112...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
CVE
CVEadded 2025/11/11 3:30 a.m.14 views

CVE-2025-12652

CVE-2025-12652 — Ungapped Widgets (WordPress) is a stored XSS vulnerability in the ungapped-form shortcode, exploitable via the prefillvalues parameter. Reports indicate exploitation requires authenticated access at contributor level or higher, with the attacker able to inject scripts that run fo...

6.4CVSS4.7AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/11 3:30 a.m.1 views

CVE-2025-12652 Ungapped Widgets <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prefillvalues' parameter in the ungapped-form shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This mak...

6.4CVSS4.6AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/11/11 3:30 a.m.6 views

CVE-2025-12652 Ungapped Widgets <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prefillvalues' parameter in the ungapped-form shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This mak...

6.4CVSS0.00157EPSS
Exploits0References2
Patchstack
Patchstackadded 2025/11/11 12:48 a.m.3 views

WordPress Ungapped Widgets plugin <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Ungapped Widgets versions = 1...

6.4CVSS5.5AI score0.00157EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2025/11/11 12:0 a.m.3 views

PT-2025-46243

Name of the Vulnerable Software and Affected Versions Include Fussball.de Widgets plugin for WordPress versions up to and including 4.0.0 Description The software contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with...

6.4CVSS5.4AI score0.00189EPSS
Exploits0References6
CNNVD
CNNVDadded 2025/11/11 12:0 a.m.3 views

WordPress plugin Include Fussball.de Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/11/11 12:0 a.m.1 views

WordPress plugin Ungapped Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/11/11 12:0 a.m.3 views

PT-2025-46285

Name of the Vulnerable Software and Affected Versions Ungapped Widgets plugin for WordPress versions prior to 1.0 Description The software is susceptible to Stored Cross-Site Scripting through the prefillvalues parameter within the ungapped-form shortcode. This is a result of inadequate input...

6.4CVSS5.5AI score0.00157EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/11/08 12:0 a.m.4 views

PT-2025-45567

Name of the Vulnerable Software and Affected Versions Featured Image plugin for WordPress versions prior to 2.2 Description The Featured Image plugin for WordPress is susceptible to Stored Cross-Site Scripting through image metadata. Insufficient input sanitization and output escaping allows...

5.5CVSS5.2AI score0.00418EPSS
Exploits1References11
RedhatCVE
RedhatCVEadded 2025/11/06 10:13 a.m.11 views

CVE-2025-11820

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS5.1AI score0.00203EPSS
Exploits0References1
NVD
NVDadded 2025/11/05 10:15 a.m.2 views

CVE-2025-11820

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS0.00203EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2025/11/05 9:27 a.m.3 views

CVE-2025-11820 Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS4.8AI score0.00203EPSS
Exploits0References6
Cvelist
Cvelistadded 2025/11/05 9:27 a.m.6 views

CVE-2025-11820 Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS0.00203EPSS
Exploits0References6
CVE
CVEadded 2025/11/05 9:27 a.m.15 views

CVE-2025-11820

CVE-2025-11820 concerns the Graphina – Elementor Charts and Graphs plugin for WordPress, affected up to version 3.1.8. The issue is a Stored Cross‑Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping on data attributes, enabling an authenticated attacke...

6.4CVSS4.8AI score0.00203EPSS
Exploits0References6
CNVD
CNVDadded 2025/11/05 12:0 a.m.1 views

WordPress Consulting Elementor Widgets plugin file inclusion vulnerability

WordPress Consulting Elementor Widgets plugin is a plugin for the Elementor page builder that allows users to add and customize website content with drag and drop functionality. A file inclusion vulnerability exists in the WordPress Consulting Elementor Widgets plugin, which stems from not...

7.5CVSS6.3AI score0.00319EPSS
Exploits0References1
NVD
NVDadded 2025/11/04 5:16 a.m.2 views

CVE-2025-12452

The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged...

6.1CVSS0.00099EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/11/04 4:27 a.m.7 views

CVE-2025-12452 Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged...

6.1CVSS0.00099EPSS
Exploits0References2
Rows per page
Query Builder