8984 matches found
WordPress Latest Post Shortcode Plugin <= 14.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by 63n0 in WordPress Plugin Latest Post Shortcode versions = 14.0.3...
CVE-2025-58609 WordPress Latest Post Shortcode Plugin <= 14.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Stored XSS.This issue affects Latest Post Shortcode: from n/a through = 14.0.3...
CVE-2025-58609 WordPress Latest Post Shortcode Plugin <= 14.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Stored XSS.This issue affects Latest Post Shortcode: from n/a through = 14.0.3...
CVE-2025-58609
CVE-2025-58609 affects the WordPress plugin Latest Post Shortcode (versions up to 14.0.3). The issue is a Stored XSS caused by improper input neutralization during web page generation. Exploitation could occur via the plugin’s shortcode rendering, leading to script execution in affected sites. Th...
WordPress plugin Latest Post Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2025-35743
Name of the Vulnerable Software and Affected Versions: Latest Post Shortcode versions through 14.0.3 Description: The Latest Post Shortcode contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. Recommendations: Update...
CVE-2025-9500
The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-48313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS.This issue affects Tripadvisor Shortcode: from n/a through = 2.2...
CVE-2025-9499
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-9500
The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-9500 TablePress <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter
The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-9500 TablePress <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter
The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-9499
CVE-2025-9499 refers to a Stored Cross‑Site Scripting vulnerability in the WordPress Ocean Extra plugin (versions up to and including 2.4.9). The issue stems from insufficient input sanitization and output escaping in the oceanwp_library shortcode, enabling an authenticated attacker with contribu...
CVE-2025-9499 Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-9499 Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-35344
Name of the Vulnerable Software and Affected Versions: Ocean Extra plugin for WordPress versions through 2.4.9 Description: The Ocean Extra plugin for WordPress is susceptible to Stored Cross-Site Scripting via the oceanwp library shortcode due to insufficient input sanitization and output escapi...
PT-2025-35345
Name of the Vulnerable Software and Affected Versions: TablePress versions prior to 3.3 Description: The TablePress plugin for WordPress is susceptible to Stored Cross-Site Scripting via the shortcode debug parameter due to insufficient input sanitization and output escaping. This allows...
Linux Distros Unpatched Vulnerability : CVE-2019-16219
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 allows XSS in shortcode previews. CVE-2019-16219 Note that Nessus relies on the presence of the package as reported by the vendor...
CVE-2025-48313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS.This issue affects Tripadvisor Shortcode: from n/a through = 2.2...
CVE-2025-48313
CVE-2025-48313 affects the WordPress Tripadvisor Shortcode plugin (versions