CVE-2025-12661

CVE-2025-12661 affects the Pollcaster Shortcode Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the height attribute of the pollcaster shortcode in all versions up to 1.0, caused by insufficient input sanitization and output escaping. All evidence indicates an a...

CVE-2025-12661 Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

WordPress plugin Pollcaster Shortcode Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Pollcaster Shortcode Plugin plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Pollcaster Shortcode Plugin versions = 1.0...