8976 matches found
EUVD-2025-33839
The WordPress Live Webcam Widget & Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-10190
The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10167
The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_stock_snapshot_restocked' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-10129
The WordPress Live Webcam Widget & Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
EUVD-2025-33818
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10129 WordPress Live Webcam Widget & Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WordPress Live Webcam Widget & Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-10129
CVE-2025-10129 documents a Stored Cross‑Site Scripting vulnerability in the WordPress Live Webcam Widget & Shortcode plugin for WordPress (versions up to and including 1.2). The issue is triggered via the plugin’s 'webcam' shortcode due to insufficient input sanitization and output escaping, allo...
CVE-2025-10190
WP Easy Toggles for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s toggles shortcode in versions up to and including 1.9.0. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated users with contributor-lev...
CVE-2025-10190 WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7652
CVE-2025-7652 affects the WordPress plugin Easy Plugin Stats. The issue is a stored XSS in the plugin’s eps shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes, exploitable by authenticated attackers with contributor-level access and above. Impact p...
CVE-2025-7652 Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10167
CVE-2025-10167 concerns the WordPress plugin “Stock History & Reports Manager for WooCommerce” (versions up to and including 2.2.1). The vulnerability is a Stored Cross-Site Scripting (XSS) in the alg_wc_stock_snapshot_restocked shortcode due to insufficient input sanitization and output escaping...
CVE-2025-9496
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file_modified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11197
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197 Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197
CVE-2025-11197 concerns the Draft List plugin for WordPress, vulnerable to Stored Cross-Site Scripting via the drafts shortcode in all versions up to 2.6.1. The attacker must have contributor-level access or higher to inject scripts that execute when users load injected pages. Connected sources c...
CVE-2025-9496
CVE-2025-9496 affects the Enable Media Replace WordPress plugin (up to version 4.1.6). Root cause: stored XSS via the file_modified shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact: authenticated attackers with Contributor+ access can inject ...