CVE-2025-46481 WordPress Flickr Shortcode Importer plugin <= 2.2.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer flickr-shortcode-importer allows Object Injection.This issue affects Flickr Shortcode Importer: from n/a through = 2.2.3...

CVE-2025-46481

CVE-2025-46481 describes a Deserialization of Untrusted Data vulnerability in WordPress Flickr Shortcode Importer (

CVE-2025-46511 WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71...

CVE-2025-46511 WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Derek Springer BeerXML Shortcode beerxml-shortcode allows Server Side Request Forgery.This issue affects BeerXML Shortcode: from n/a through = 0.7.1...

CVE-2025-46511

CVE-2025-46511 corresponds to a SSRF vulnerability in the WordPress BeerXML Shortcode plugin (versions

CVE-2025-46540 WordPress GNA Search Shortcode plugin <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Mok GNA Search Shortcode gna-search-shortcode allows Stored XSS.This issue affects GNA Search Shortcode: from n/a through = 0.9.5...

CVE-2025-46540 WordPress GNA Search Shortcode plugin <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Mok GNA Search Shortcode gna-search-shortcode allows Stored XSS.This issue affects GNA Search Shortcode: from n/a through = 0.9.5...

CVE-2025-46540

CVE-2025-46540 affects the WordPress plugin GNA Search Shortcode (versions up to and including 0.9.5). It is a stored XSS due to improper neutralization of input during web page generation. CVSS 3.1 base metrics: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (base score 6.5, MEDIUM). There is no exploitati...

WordPress plugin Flickr Shortcode Importer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A code issue vulnerability...

WordPress plugin GNA Search Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress plugin BeerXML Shortcode 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-17817 · Unknown · Beerxml Shortcode

Name of the Vulnerable Software and Affected Versions: BeerXML Shortcode versions 0.71 and earlier Description: A Server-Side Request Forgery SSRF issue affects the software, allowing for Server Side Request Forgery. This issue can be exploited by making the server send requests to unintended...

PT-2025-17839 · Unknown · Gna Search Shortcode

Name of the Vulnerable Software and Affected Versions: GNA Search Shortcode versions 0.9.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

CVE-2025-3472

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-3457

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwpicon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-3472

The CVE-2025-3472 entry concerns the Ocean Extra WordPress plugin (versions up to and including 2.4.6). The vulnerability arises from inadequate validation in handling shortcodes via do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is installed and...

CVE-2025-3457

The CVE-2025-3457 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Ocean Extra plugin (versions up to and including 2.4.6) that is exploitable by authenticated attackers with contributor-level access and above via the oceanwp_icon shortcode. The issue arises from...

WordPress plugin Ocean Extra 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-17522

Name of the Vulnerable Software and Affected Versions The Ocean Extra plugin for WordPress versions up to, and including, 2.4.6 Description The issue is related to arbitrary shortcode execution. It occurs because the software does not properly validate a value before running do shortcode, allowin...