CVE-2026-53742 Simple Link Directory through 9.0.4 Stored XSS via Embed Shortcode Attributes

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

CVE-2026-53742

CVE-2026-53742 affects the WordPress plugin Simple Link Directory up to version 9.0.4. The issue is a Stored XSS via embed shortcode attributes: the embedder template echoes shortcode attributes into HTML data attributes without escaping. Attackers with contributor access can craft a shortcode at...

CVE-2026-7662

The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...

CVE-2026-7662

CVE-2026-7662 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin ePaperFlip Publisher (versions

CVE-2025-13054

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

CVE-2025-13054 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

CVE-2025-13054 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

CVE-2025-13054

CVE-2025-13054 affects the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” up to version 3.14.8. The vulnerability is a Stored Cross-Site Scripting (XSS) via the wppb-embed shortcode, caused by insufficient input sanitization and outpu...

PT-2025-47437

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppb-embed shortcode in all versions up to, and including, 3.14.8 due to insufficient input sanitization and output...

WordPress plugin User Profile Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-11857

The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxpfb2wpdisplayembed' shortcode in all versions up to, and including, 1.9.9. This is due to the plugin not properly sanitizing user input and output of the 'postid' parameter. This makes it...

CVE-2025-10196

The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'surveyanyplaceembed' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-39937

Name of the Vulnerable Software and Affected Versions Survey Anyplace plugin for WordPress versions prior to 1.0.1 Description The software contains a Stored Cross-Site Scripting issue stemming from insufficient input sanitization and output escaping on user-supplied attributes within the...

CVE-2024-10176

The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scembedplayer shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-16100 · WordPress · Streamweasels Youtube Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels YouTube Integration plugin for WordPress versions up to, and including, 1.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode due to insufficient input sanitization an...

WordPress Compact WP Audio Player plugin <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via scembedplayer Shortcode vulnerability discovered by theviper17y in WordPress Plugin Compact WP Audio Player versions = 1.9.13...

CVE-2024-9897

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-39923 · WordPress · Streamweasels Twitch Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Twitch Integration plugin for WordPress versions up to, and including, 1.8.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode due to insufficient input sanitization and...

WordPress StreamWeasels Twitch Integration plugin <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin StreamWeasels Twitch Integration versions = 1.8.6...