8983 matches found
CVE-2025-9851
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9565
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksynewslettersubscribe shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-9565
The CVE concerns the WordPress Blocksy Companion plugin. All versions up to 2.1.10 are affected via the blocksy_newsletter_subscribe shortcode due to insufficient input sanitization and output escaping, allowing authenticated users with contributor-level access or higher to inject arbitrary scrip...
CVE-2025-9565 Blocksy Companion <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocksynewslettersubscribe shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-10125
The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10125 Memberlite Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10125
The CVE-2025-10125 issue affects the WordPress plugin Memberlite Shortcodes (versions prior to or up to 1.4). The vulnerability is a Stored Cross‑Site Scripting flaw in the grid/“row” shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: auth...
CVE-2025-9851
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8394
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displayproductivebreadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-10166
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10143
The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catchdarkmode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on t...
CVE-2025-9851
CVE-2025-9851 affects the WordPress Appointmind plugin. The vulnerability is a Stored Cross‑Site Scripting via the appointmind_calendar shortcode in all versions up to 4.1.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with co...
CVE-2025-9851 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9851 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10166
CVE-2025-10166 describes a Stored Cross-Site Scripting flaw in the WordPress plugin Social Media Shortcodes (versions up to and including 1.3.1). The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes of the plugin’s twitter shortcode, enabli...
CVE-2025-8394 Productive Style <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displayproductivebreadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-38101
Name of the Vulnerable Software and Affected Versions: Productive Style plugin for WordPress versions up to and including 1.1.23 Description: The Productive Style plugin for WordPress is susceptible to Stored Cross-Site Scripting through the display productive breadcrumb shortcode. Insufficient...
PT-2025-38111
Name of the Vulnerable Software and Affected Versions: Memberlite Shortcodes plugin for WordPress versions prior to 1.5 Description: The Memberlite Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'row' shortcode. Insufficient input sanitization and output...