8980 matches found
CVE-2025-9858
The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abfvehicle' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-9859
The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-9875
The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketspot' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-9876
The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-9199
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-10192
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10165
CVE-2025-10165 affects the WordPress plugin AP Background. A stored XSS flaw exists in the adv_parallax_back shortcode due to insufficient input sanitization and output escaping in versions up to 3.8.2, allowing authenticated users with contributor-level access or higher to inject and execute scr...
CVE-2025-9129
CVE-2025-9129 describes a Stored Cross-Site Scripting flaw in the WordPress Flexi plugin (up to version 4.28) via the flexi-form-tag shortcode. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-...
CVE-2025-9129 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode
The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-7825 Schema Plugin For Divi, Gutenberg & Shortcodes <= 4.3.2 - Authenticated (Contributor+) Object Instantiation
The Schema Plugin For Divi, Gutenberg & Shortcodes plugin for WordPress is vulnerable to Object Instantiation in all versions up to, and including, 4.3.2 via deserialization of untrusted input via the wptschemabreadcrumbs shortcode. This makes it possible for authenticated attackers, with...
CVE-2025-9129 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode
The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9858
CVE-2025-9858 refers to the WordPress plugin Auto Bulb Finder for WordPress with a stored cross-site scripting vulnerability in the abf_vehicle shortcode. Affected versions are up to and including 2.8.0, where insufficient input validation and output escaping allows authenticated attackers with c...
CVE-2025-9859 Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Fintelligence Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fintelligence-calculator' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-9199
The CVE-2025-9199 entry corresponds to a SQL Injection vulnerability in the WordPress plugin Woo superb slideshow transition gallery with random effect (versions up to 9.1). Red Hat, NVD, CVE lists describe exploitation via the woo-superb-slideshow shortcode caused by insufficient escaping of use...
CVE-2025-9199 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
EUVD-2025-32264
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-9199 Woo superb slideshow transition gallery with random effect <= 9.1 - Authenticated (Contributor+) SQL Injection
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-10192
CVE-2025-10192 – WP Photo Effects (WordPress) is an authenticated Stored XSS vulnerability in the wppe_effect shortcode affecting all versions up to 1.2.4. The issue arises from insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing an attacker with co...
CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...