NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-13961	The Data Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'visualize' shortcode in all versions up to, an...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13960	The GPXpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gpxpress' shortcode in all versions up to, and includ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13906	The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and includ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13904	The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and in...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13889	The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode parameter in all versions up to, and i...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13885	The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the `button` shortco...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13884	The Hide Email Address plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inline_css' parameter in the `bg-hide-email-address`...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13866	The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13850	The LS Google Map Router plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'map_type' parameter in all versions up to, and inc...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13846	The Easy Map Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including,...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13843	The VigLink SpotLight By ShortCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'float' parameter of the 'spotlight' shor...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13840	The BUKAZU Search widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortcode' parameter of the 'bukazu_search' shortc...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13747	The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp_shortcode function in all versions up to,...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13440	The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This ...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-13408	The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in a...	2025-12-12	4.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.