CVE-2024-13806
CVE-2024-13806 – The Authors List plugin for WordPress (versions
CVE-2024-13559 TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'txwoowishlisttable' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
WordPress plugin The Authors List code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection vulnerabili...
PT-2025-9162 · WordPress · Authors List
Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to and including 2.0.6 Description: The issue arises from the software's failure to properly validate a value before executing the do shortcode action, allowing unauthenticated attackers to...
WordPress Authors List plugin <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by abrahack in WordPress Plugin Authors List versions <= 2.0.6...
CVE-2025-1560
The WOW Entrance Effects WEE! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-13832
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'utelementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10563
The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-12820
The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-1757
CVE-2025-1757 refers to WordPress Portfolio Builder – Portfolio Gallery (Uber Grid) with Stored XSS via pfhub_portfolio and pfhub_portfolio_portfolio shortcodes in versions up to 1.1.7. The Red Hat and CIRCL entries corroborate the description. The vulnerability requires authenticated access (Con...
PT-2025-9075 · WordPress · Secupress Free
Name of the Vulnerable Software and Affected Versions: SecuPress Free — WordPress Security plugin versions up to, and including, 2.2.5.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress plugin Ultra Addons Lite for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-9064 · WordPress · Product Catalog Simple
Name of the Vulnerable Software and Affected Versions: Product Catalog Simple plugin for WordPress versions prior to 1.7.12 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the show products shortcode. This allows authenticated...
PT-2025-9079 · WordPress · Wow Entrance Effects
Name of the Vulnerable Software and Affected Versions: WOW Entrance Effects WEE! plugin for WordPress versions up to, and including, 0.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'wee' shortcode, allowing...
PT-2025-9071 · WordPress · Ultra Addons Lite For Elementor
Name of the Vulnerable Software and Affected Versions: Ultra Addons Lite for Elementor plugin for WordPress versions up to, and including, 1.1.8 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password-protected, private, or draft...
PT-2025-9057 · WordPress · Mk Google Directions
Name of the Vulnerable Software and Affected Versions: MK Google Directions plugin for WordPress versions up to and including 3.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'MKGD' shortcode, allowing authenticated...
WordPress Traveler theme <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Theme Traveler versions <= 3.1.8...
CVE-2024-6261
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'FinalTilesGallery' shortcode in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
WordPress ThemeMakers Stripe Checkout plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeMakers Stripe Checkout versions <= 1.0.1...
WordPress ThemeMakers PayPal Express Checkout plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeMakers PayPal Express Checkout versions <= 1.1.9...