8952 matches found
PT-2026-45090
Name of the Vulnerable Software and Affected Versions GEO my WP versions prior to 4.5.6 Description The plugin is subject to SQL Injection, allowing unauthenticated attackers to append additional SQL queries to extract sensitive information from the database. The issue occurs because the swlatlng...
CVE-2026-9714
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...
CVE-2026-9714
The WordPress plugin Simple Divi Shortcode (versions ≤ 1.2) is affected by a Stored Cross-Site Scripting (XSS) vulnerability via the id attribute of the [showmodule] shortcode. The flaw stems from insufficient input sanitization and output escaping in showmodule_shortcode(), which concatenates th...
CVE-2026-9714 Simple Divi Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...
CVE-2026-9714
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...
EUVD-2026-33252
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...
CVE-2026-9714 Simple Divi Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmoduleshortcode function, which...
WordPress plugin Simple Divi Shortcode 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-44754
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmodule shortcode function, which...
WordPress Simple Divi Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Divi Shortcode versions = 1.2...
CVE-2026-4334
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-4334 Shariff Wrapper <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-4334
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2026-32750
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2026-32744
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
CVE-2026-9009
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...
CVE-2026-9644
The CVE pertains to the LiveSmart Video Chat WordPress plugin, affecting versions up to 1.2. The root cause is insufficient input sanitization and output escaping for attributes used by the livesmart_widget shortcode. This enables Stored Cross-Site Scripting where an attacker with contributor-lev...
CVE-2026-9009 Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...
CVE-2026-9644 LiveSmart Video Chat <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmartwidget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-9009 Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...