61 matches found
CVE-2025-12672
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-11860 Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitterfeed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and 'height' parameters. This makes it possible...
CVE-2025-12672
The Flickr Show plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the flickrshow shortcode div_height parameter, impacting all versions up to 1.5. Exploitation requires authenticated access at Contributor level or higher, enabling the attacker to inject scri...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12754 Geopost <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter of the 'geopost' shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12754
CVE-2025-12754 (Geopost WordPress plugin) : Concrete details are provided across multiple connected sources. The Geopost plugin (WordPress) is affected in all versions up to 1.2 and is vulnerable to Stored Cross-Site Scripting via the height parameter of the geopost shortcode. The root cause is i...
PT-2025-46257
Name of the Vulnerable Software and Affected Versions Twitter Feed plugin for WordPress versions up to and including 1.3.1 Description The Twitter Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ottwitter feed' shortcode. This occurs because the plugin does no...
PT-2025-46296
Name of the Vulnerable Software and Affected Versions Geopost plugin for WordPress versions prior to 1.3 Description The Geopost plugin for WordPress is susceptible to Stored Cross-Site Scripting through the height parameter of the 'geopost' shortcode. This is caused by inadequate input...
WordPress plugin Coon Google Maps 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Coon Maps plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...
PT-2025-46293
Name of the Vulnerable Software and Affected Versions Flickr Show plugin for WordPress versions prior to 1.6 Description The software is susceptible to Stored Cross-Site Scripting through the div height parameter of the 'flickrshow' shortcode. Insufficient input sanitization and output escaping...
EUVD-2010-4865
Malware in sbrugna...
EUVD-2014-4501
Malware in sbrugna...
EUVD-2025-25422
Malicious code in bioql PyPI...
CVE-2025-8064
The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-8064 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter
The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-8064 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter
The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-34202 · WordPress · Bible Supersearch
Name of the Vulnerable Software and Affected Versions: Bible SuperSearch plugin for WordPress versions prior to 6.0.2 Description: The Bible SuperSearch plugin for WordPress is susceptible to Stored Cross-Site Scripting via the selector height parameter. Insufficient input sanitization and output...
CVE-2025-8391
CVE-2025-8391 – Magic Edge – Lite (WordPress) is a Stored Cross-Site Scripting vulnerability in the plugin for all versions up to 1.1.6, triggered by the height parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or...
WordPress plugin Magic Edge – Lite 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...