PT-2026-39950

The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbd post carousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2026-0738

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sucarousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'suslidelink' attachment meta field...

CVE-2026-0738

CVE-2026-0738 affects the WordPress plugin Shortcodes Ultimate (WP Shortcodes Plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the su_carousel shortcode, up to version 7.4.8 inclusive. Root cause: insufficient input sanitization and output escaping in the su_slide_link attach...

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Shortcodes Ultimate plugin <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability

authenticated Contributor+ Stored Cross-Site Scripting via 'sucarousel' Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions = 7.4.8...

CVE-2024-51842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sazzad Image Carousel Shortcode image-carousel-shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through = 1.2...

CVE-2024-51842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sazzad Image Carousel Shortcode image-carousel-shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through = 1.2...

CVE-2024-51842

CVE-2024-51842 involves the WordPress plugin “Image Carousel Shortcode.” The vulnerability is a DOM-based XSS caused by improper input neutralization during web page generation, affecting Image Carousel Shortcode versions up to 1.2. The provided documents do not specify exploitation status, impac...

WordPress plugin Image Carousel Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2024-34970 · Unknown · Sazzad Hu Image Carousel Shortcode

Name of the Vulnerable Software and Affected Versions: Sazzad Hu Image Carousel Shortcode versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that the...

WordPress Image Carousel Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Image Carousel Shortcode versions = 1.2...