CVE-2026-5357 Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdmmembers' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' shortcode attribute...

PT-2026-31571

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions up to and including 3.3.52 Description The Download Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through the sid parameter of the 'wpdm members' shortcode. This occur...

CVE-2024-4553

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...

CVE-2024-4553

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...

PT-2024-31684 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'su members' shortcode due to insufficient input sanitization and output escaping ...