Lucene search
+L

95 matches found

Vulnrichment
Vulnrichment
added 2026/02/18 6:42 a.m.1 views

CVE-2026-1807 InteractiveCalculator for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/07 8:26 a.m.33 views

CVE-2025-15477 The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/06 2:23 a.m.8 views

CVE-2026-1228

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgbshortcode function due to missing validation on a user controlled key. This...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:43 a.m.5 views

CVE-2026-1244

The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...

6.4CVSS6AI score0.00251EPSS
Exploits0References5
CVE
CVE
added 2026/01/07 9:21 a.m.21 views

CVE-2025-14147

CVE-2025-14147 affects the WordPress extension Easy GitHub Gist Shortcodes . The vulnerability is a Stored Cross-Site Scripting (XSS) via the shortcodes’ id parameter, exploitable on all versions up to and including 1.0. The Wordfence report specifies that exploitation requires authenticated acce...

6.4CVSS4.8AI score0.00181EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/06 11:14 p.m.5 views

WordPress Easy GitHub Gist Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Easy GitHub Gist Shortcodes versions = 1.0...

6.4CVSS5.6AI score0.00181EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/06 3:21 a.m.3 views

CVE-2025-14153 Page Expire Popup/Redirection for WordPress <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute

The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
CVE
CVE
added 2025/12/06 5:49 a.m.36 views

CVE-2025-13898

The Ultra Skype Button WordPress plugin (Ultra Skype Button, Plugin Slug: ultra-skype-button) is affected by CVE-2025-13898: a Stored Cross-Site Scripting vulnerability in the btn_id attribute of the [ultra_skype] shortcode. Affects all versions up to 1.0. Root cause: insufficient input sanitizat...

6.4CVSS4.8AI score0.00201EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.13 views

CVE-2025-11808

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS5AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 9:15 a.m.6 views

CVE-2025-11808

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/21 8:28 a.m.4 views

CVE-2025-11808 Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 8:15 a.m.18 views

CVE-2025-11800

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/21 7:31 a.m.9 views

CVE-2025-11800 Surbma | MiniCRM Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.4 views

CVE-2025-11800 Surbma | MiniCRM Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'minicrm' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS4.7AI score0.00166EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.4 views

CVE-2025-11869

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...

6.4CVSS5AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.5 views

EUVD-2025-60941

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...

6.4CVSS4.6AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2025/11/11 4:15 a.m.6 views

CVE-2025-11869

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...

6.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.16 views

CVE-2025-11869

CVE-2025-11869 : The WordPress plugin Precise Columns (versions

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.14 views

CVE-2025-11869 Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...

6.4CVSS0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.2 views

CVE-2025-11869 Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapid shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when inserting the wrapper ID into the generated HTML...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
Rows per page
Query Builder