8983 matches found
WordPress Elementor Pro plugin <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability
Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Ankit Patel in WordPress Plugin Elementor Pro versions <= 3.25.10...
WordPress EthereumICO plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via ethereum-ico Shortcode vulnerability discovered by zaim in WordPress Plugin EthereumICO versions <= 2.4.6...
WordPress Alex Reservations: Smart Restaurant Booking plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Alex Reservations versions <= 2.0.5...
CVE-2024-12708
The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-12708 Bulk Me Now <= 2.0 - Stored XSS via Shortcode
The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2025-2127 · WordPress · Stockdio Historical Chart
Name of the Vulnerable Software and Affected Versions: Stockdio Historical Chart plugin for WordPress versions up to, and including, 2.8.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode due to insufficient input sanitizatio...
PT-2025-1851 · WordPress · Wp Dispensary
Name of the Vulnerable Software and Affected Versions: WP Dispensary plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpd menu' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-2228 · WordPress · Wordpress Survey & Poll
Name of the Vulnerable Software and Affected Versions: WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to and including 1.7.5 Description: The issue allows authenticated attackers with Contributor-level access and above to inject SQL queries via the id attribute o...
PT-2025-1748 · WordPress · Typer Core
Name of the Vulnerable Software and Affected Versions: Typer Core plugin for WordPress versions up to, and including, 1.9.6 Description: The issue concerns insufficient restrictions on which posts can be included through the 'elementor-template' shortcode, allowing authenticated attackers with...
PT-2025-2184 · WordPress · Atakan Au Automatically Hierarchic Categories In Menu
Name of the Vulnerable Software and Affected Versions: Automatically Hierarchic Categories in Menu plugin for WordPress versions up to, and including, 2.0.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode due to insufficient input...
PT-2025-2186 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.24 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcode due to insufficient input...
PT-2025-1980 · WordPress · Ethereumico
Name of the Vulnerable Software and Affected Versions: EthereumICO plugin for WordPress versions up to, and including, 2.4.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode due to insufficient input sanitization and output escaping on...
PT-2025-1853 · WordPress · Html5 Chat Plugin
Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...
PT-2025-3701 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions prior to 3.25.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, a...
PT-2025-2249 · WordPress · Embed Swagger
Name of the Vulnerable Software and Affected Versions: Embed Swagger UI plugin for WordPress version 1.0.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2025-2143 · WordPress · Alex Reservations
Name of the Vulnerable Software and Affected Versions: Alex Reservations: Smart Restaurant Booking plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rr form' shortcode due to insufficient input sanitization...
PT-2025-2241 · WordPress · Music Sheet Viewer
Name of the Vulnerable Software and Affected Versions: Music Sheet Viewer plugin for WordPress versions up to, and including, 4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'pn msv' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-13561 Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
PT-2025-2218 · WordPress · Target Video Easy Publish
Name of the Vulnerable Software and Affected Versions: Target Video Easy Publish plugin for WordPress versions up to, and including, 3.8.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode due to insufficient input sanitization and output...