8972 matches found
CVE-2025-10194
CVE-2025-10194 concerns the WordPress plugin Shortcode Button (
CVE-2025-10194 Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10141 Digiseller <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
EUVD-2025-34538
The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
EUVD-2025-34536
The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10141 Digiseller <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-10194 Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10140 Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-34546
The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11365
CVE-2025-11365 : The WP Google Map Plugin for WordPress (
CVE-2025-11365 WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection
The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2025-10135
CVE-2025-10135 (WP ViewSTL <= 1.0) stores cross-site scripting via the WordPress plugin’s viewstl shortcode. Authenticated attackers with contributor-level access or higher can inject scripts that execute for page visitors who load the injected page. The issue arises from insufficient input sa...
CVE-2025-10135 WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-10135 WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-10132
The CVE-2025-10132 issue affects the Dhivehi Text WordPress plugin (versions
CVE-2025-11722
The CVE CVE-2025-11722 affects the WordPress plugin “Woocommerce Category and Products Accordion Panel” (accordion-panel-for-category-and-products). The vulnerability is Local File Inclusion via the categoryaccordionpanel shortcode in all versions up to 1.0, exploitable by authenticated attackers...
CVE-2025-10132 Dhivehi Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-34554
The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11722 Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion
The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2025-10132 Dhivehi Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...