WordPress BP Better Messages plugin <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Bassem Essam in WordPress Plugin BP Better Messages versions = 2.6.9...

CVE-2024-11132

The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level an...

WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by muhammad yudha in WordPress Plugin Embed RSS versions = 3.1...

CVE-2025-22677 WordPress Uix Shortcodes plugin <= 2.0.3 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uix Shortcodes: from n/a through = 2.0.3...

WordPress Uix Shortcodes plugin <= 2.0.3 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Uix Shortcodes versions = 2.0.3...

CVE-2024-13612

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bettermessageslivechatbutton' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...

CVE-2024-12415

The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12415 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution

The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12415

CVE-2024-12415 : The WordPress AI Infographic Maker plugin is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to and including 4.9.0. The flaw arises from executing a value via do_shortcode without proper validation, enabling attackers to run arbitrary shortcodes. A...

CVE-2024-12415 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution

The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-13472

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13472

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13472 WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13472 WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13472

CVE-2024-13472 affects the WordPress plugin “WooCommerce Product Table Lite” (versions up to and including 3.9.4). The issue allows unauthenticated attackers to achieve arbitrary shortcode execution due to improper validation before running do_shortcode, and the same sc_attrs parameter is vulnera...

WordPress Ticketmeo plugin <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Ticketmeo versions = 2.3.6...

CVE-2024-13101

The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS

The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS

The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2025-1837 · WordPress · Ai Infographic Maker

Name of the Vulnerable Software and Affected Versions: AI Infographic Maker plugin for WordPress versions up to, and including, 4.9.0 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes i...