CVE-2026-3481

The CVE-2026-3481 entry concerns the WP Blockade WordPress plugin (versions

CVE-2026-3481 WP Blockade <= 0.9.14 - Reflected Cross-Site Scripting via 'shortcode' Parameter

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

PT-2026-42723

Name of the Vulnerable Software and Affected Versions WP Blockade versions prior to 0.9.15 Description The plugin is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing attackers to execute scripts in the...

EUVD-2026-20103

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...

WordPress WP Blockade plugin <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions = 0.9.14...

WordPress plugin WP Blockade 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...