4 matches found
EUVD-2025-201522
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717 List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-49335
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before list' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...