
8984 matches found

CNNVD · added 2025/08/16 12:0 a.m. · 6 views

WordPress plugin Translate This gTranslate Shortcode Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4 CVSS · 5.7 AI score · 0.00222 EPSS
Exploits 0 · References 4

Positive Technologies · added 2025/08/16 12:0 a.m. · 6 views

PT-2025-33543 · WordPress · Gtranslate +1

Name of the Vulnerable Software and Affected Versions: gTranslate versions prior to 1.0 Description: The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the base lang parameter due to insufficient input sanitization and output escaping. Th...

6.4 CVSS · 5.6 AI score · 0.00222 EPSS
Exploits 0 · References 8

Positive Technologies · added 2025/08/16 12:0 a.m. · 3 views

PT-2025-33590 · WordPress · Soledad Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Soledad WordPress Theme versions prior to 8.6.8 Description: The Soledad theme for WordPress is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate a value before running do_shortcode,...

7.3 CVSS · 7.4 AI score · 0.00318 EPSS
Exploits 0 · References 7

Patchstack · added 2025/08/15 11:34 p.m. · 4 views

WordPress Surbma | Recent Comments Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Surbma | Recent Comments Shortcode versions = 2.0...

6.4 CVSS · 5.5 AI score · 0.00226 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD · added 2025/08/15 9:15 a.m. · 5 views

CVE-2025-8905

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...

6.3 CVSS · 0.0033 EPSS
Exploits 0 · References 2

NVD · added 2025/08/15 9:15 a.m. · 11 views

CVE-2025-7650

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

7.5 CVSS · 0.00561 EPSS
Exploits 0 · References 3

NVD · added 2025/08/15 9:15 a.m. · 13 views

CVE-2025-7507

The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLs that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-lev...

6.4 CVSS · 0.00228 EPSS
Exploits 0 · References 2

CVE · added 2025/08/15 8:25 a.m. · 28 views

CVE-2025-8905

CVE-2025-8905 concerns the WordPress plugin Inpersttion For Theme (versions up to 1.0). The vulnerability allows an authenticated attacker with Contributor-level access or higher to execute arbitrary server-side functions via the theme_section_shortcode() function, resulting in Remote Code Execut...

6.3 CVSS · 8 AI score · 0.0033 EPSS
Exploits 0 · References 2

Cvelist · added 2025/08/15 8:25 a.m. · 8 views

CVE-2025-8905 Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...

6.3 CVSS · 0.0033 EPSS
Exploits 0 · References 2

Vulnrichment · added 2025/08/15 8:25 a.m. · 5 views

CVE-2025-7662 Gestion de tarifs <= 1.4 - Authenticated (Contributor+) SQL Injection

The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5 CVSS · 7.5 AI score · 0.00286 EPSS
Exploits 0 · References 3

Vulnrichment · added 2025/08/15 8:25 a.m. · 3 views

CVE-2025-8905 Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...

6.3 CVSS · 8 AI score · 0.0033 EPSS
Exploits 0 · References 2

Cvelist · added 2025/08/15 8:25 a.m. · 22 views

CVE-2025-7507 elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation

The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLs that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-lev...

6.4 CVSS · 0.00228 EPSS
Exploits 0 · References 2

CVE · added 2025/08/15 8:25 a.m. · 26 views

CVE-2025-7650

The CVE-2025-7650 entry concerns the BizCalendar Web WordPress plugin (versions up to 1.1.0.50) and describes an Authenticated (Contributor+) Local File Inclusion via the bizcalv shortcode. The underlying risk is that an authenticated attacker with Contributor-level access can include and execute...

7.5 CVSS · 6.5 AI score · 0.00561 EPSS
Exploits 0 · References 3

Cvelist · added 2025/08/15 8:25 a.m. · 9 views

CVE-2025-7650 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

7.5 CVSS · 0.00561 EPSS
Exploits 0 · References 3

Vulnrichment · added 2025/08/15 8:25 a.m. · 4 views

CVE-2025-7650 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

7.5 CVSS · 6.4 AI score · 0.00561 EPSS
Exploits 0 · References 3

NVD · added 2025/08/15 8:15 a.m. · 17 views

CVE-2025-8604

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4 CVSS · 0.00289 EPSS
Exploits 0 · References 4

CVE · added 2025/08/15 7:24 a.m. · 19 views

CVE-2025-8604

CVE-2025-8604 – WP Table Builder vulnerability: Stored Cross-Site Scripting via the wptb shortcode in WordPress Table Plugin versions up to and including 2.0.12, caused by insufficient input sanitization and output escaping on user-supplied attributes. The issue affects authenticated users with c...

6.4 CVSS · 5.9 AI score · 0.00289 EPSS
Exploits 0 · References 4

Cvelist · added 2025/08/15 7:24 a.m. · 9 views

CVE-2025-8604 WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4 CVSS · 0.00289 EPSS
Exploits 0 · References 4

Vulnrichment · added 2025/08/15 7:24 a.m. · 3 views

CVE-2025-8604 WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4 CVSS · 5.5 AI score · 0.00289 EPSS
Exploits 0 · References 4

Positive Technologies · added 2025/08/15 12:0 a.m. · 8 views

PT-2025-33458 · WordPress · Elink – Embed Content

Name of the Vulnerable Software and Affected Versions: elink – Embed Content plugin for WordPress versions up to and including 1.1.0 Description: The elink – Embed Content plugin for WordPress is susceptible to malicious redirection due to insufficient restriction of URLs supplied through the eli...

6.4 CVSS · 6.2 AI score · 0.00228 EPSS
Exploits 0 · References 6