8990 matches found
CVE-2025-4610
CVE-2025-4610 affects the WP-Members Membership Plugin for WordPress (versions up to and including 3.5.2). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wpmem_user_memberships shortcode caused by insufficient input sanitization and output escaping of user-provided attributes. E...
CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through = 2.3.7...
CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7...
CVE-2025-48120 WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4...
CVE-2024-6718
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-5440
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-12722
The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2024-12722
The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2024-11502
The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
CVE-2024-10818
The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10818
The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6718
The CVE-2024-6718 entry concerns the PVN Auth Popup WordPress plugin (versions
CVE-2024-6718 PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-5440
Affected software: WordPress plugin If-So Dynamic Content Personalization, versions prior to 1.8.0.3. Vulnerability: The plugin does not validate and escape certain shortcode attributes before outputting them on the page/post where the shortcode is embedded, enabling Stored XSS if exploited. Impa...
CVE-2024-5440 If-So Dynamic Content Personalization < 1.8.0.3 - Contributor+ Shortcode Stored XSS
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-12722 Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode
The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2024-12722 Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode
The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2024-12722
CVE-2024-12722 affects the WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode, alleging Stored Cross-Site Scripting via shortcode attributes in versions
CVE-2024-11502 Planning Center Online Giving <= 1.0.0 - Contributor+ XSS via Shortcode
The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
CVE-2024-11502
The CVE concerns the Planning Center Online Giving WordPress plugin (versions 1.0.0 and earlier). The vulnerability is due to unvalidated and unescaped shortcode attributes being echoed in pages/posts, enabling Stored XSS for users with the contributor role and above. Impact is described as store...