8983 matches found
WordPress plugin JSM file_get_contents Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...
PT-2025-38971
Name of the Vulnerable Software and Affected Versions Last Updated Shortcode versions through 1.0.1 Description The Last Updated Shortcode software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means that...
WordPress plugin Last Updated Shortcode Cross-site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...
PT-2025-38942
Name of the Vulnerable Software and Affected Versions JS Morisset JSM file get contents Shortcode versions through 2.7.1 Description A flaw exists in JS Morisset JSM file get contents Shortcode that allows for Stored Cross-site Scripting XSS. This issue is due to improper neutralization of input...
CVE-2025-10181
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2025-10181
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2025-10181 Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2025-10181 Draft List <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2025-10181
CVE-2025-10181 – Draft List (WordPress) stored XSS affects the Draft List plugin for WordPress, versions up to and including 2.6. Root cause: insufficient input sanitization and output escaping on the plugin’s drafts shortcode attributes. Vulnerability requires authenticated access at contributor...
CVE-2025-10652
The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘moduleid’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2025-10652 Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode
The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘moduleid’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2025-10652
CVE-2025-10652 affects the Robcore Netatmo WordPress plugin up to v1.7. It is an SQL Injection via the module_id attribute in the robcore-netatmo shortcode. The vulnerability allows authenticated attackers with Contributor-level access and above to inject additional SQL into existing queries, pot...
CVE-2025-10652 Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode
The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘moduleid’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
PT-2025-38627
Name of the Vulnerable Software and Affected Versions Robcore Netatmo plugin for WordPress versions up to and including 1.7 Description The Robcore Netatmo plugin for WordPress is susceptible to SQL Injection through the module id attribute of the robcore-netatmo shortcode. Insufficient escaping ...
PT-2025-38629
Name of the Vulnerable Software and Affected Versions Draft List plugin for WordPress versions prior to 2.7 Description The Draft List plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s ‘drafts’ shortcode. Insufficient input sanitization and output escaping on...
CVE-2025-9565
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksynewslettersubscribe shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-10125
The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10143
The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catchdarkmode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on t...
CVE-2025-8394
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displayproductivebreadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-10166
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...