
8980 matches found

Patchstack
added 2025/01/24 11:47 a.m. · 3 views

WordPress Show/Hide Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Show/Hide Shortcode versions <= 1.0.0...

CVSS 6.5 · AI score 6.1 · EPSS 0.00334
Exploits 0 · Affected Software 1

Patchstack
added 2025/01/24 11:47 a.m. · 3 views

WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin MachForm Shortcode versions <= 1.4.1...

CVSS 7.1 · AI score 6.2 · EPSS 0.00175
Exploits 0 · Affected Software 1

NVD
added 2025/01/24 11:15 a.m. · 16 views

CVE-2024-13572

The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

CVSS 6.4 · EPSS 0.00217
Exploits 0 · References 2

OSV
added 2025/01/24 11:15 a.m. · 3 views

CVE-2024-13542

The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied...

CVSS 5.4 · AI score 7.4 · EPSS 0.00236
Exploits 0 · References 2

OSV
added 2025/01/24 11:15 a.m. · 2 views

CVE-2024-13572

The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

CVSS 5.4 · AI score 5.9 · EPSS 0.00217
Exploits 0 · References 2

OSV
added 2025/01/24 11:15 a.m. · 1 view

CVE-2024-13594

The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofixsdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 6.5 · AI score 5.8 · EPSS 0.00395
Exploits 0 · References 3

OSV
added 2025/01/24 11:15 a.m. · 3 views

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attacker...

CVSS 8.8 · AI score 7.8
Exploits 0 · References 2

OSV
added 2025/01/24 10:15 a.m. · 4 views

CVE-2024-12494

The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmltmeetingmap' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 6 · EPSS 0.00289
Exploits 0 · References 3

OSV
added 2025/01/24 10:15 a.m. · 2 views

CVE-2024-13583

The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'c2twsgwf' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 7.4
Exploits 0 · References 3

OSV
added 2025/01/24 7:15 a.m. · 1 view

CVE-2024-13680

The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CPEASYFORMWILLAPPEARHERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

CVSS 6.5 · AI score 5.8 · EPSS 0.00434
Exploits 0 · References 3

OSV
added 2025/01/24 6:15 a.m. · 1 view

CVE-2024-13659

The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 7.4 · EPSS 0.00269
Exploits 0 · References 3

Positive Technologies
added 2025/01/24 12:00 a.m. · 6 views

PT-2025-2161 · WordPress · Post Grid

Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...

CVSS 8.8 · AI score 8.1 · EPSS 0.00582
Exploits 0 · References 10

Positive Technologies
added 2025/01/24 12:00 a.m. · 4 views

PT-2025-1867 · WordPress · Bmlt Meeting Map

Name of the Vulnerable Software and Affected Versions: BMLT Meeting Map plugin for WordPress versions up to, and including, 2.6.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's bmlt meeting map shortcode. This...

CVSS 6.4 · AI score 7.2 · EPSS 0.00289
Exploits 0 · References 9

Positive Technologies
added 2025/01/24 12:00 a.m. · 3 views

PT-2025-2211 · WordPress · Wp Google Street View

Name of the Vulnerable Software and Affected Versions: WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress version 1.1.3 and all versions prior to this. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode due ...

CVSS 6.4 · AI score 6.1 · EPSS 0.00236
Exploits 0 · References 9

Positive Technologies
added 2025/01/24 12:00 a.m. · 2 views

PT-2025-5507 · Unknown · Lars Wallenborn Show/Hide Shortcode

Name of the Vulnerable Software and Affected Versions: Lars Wallenborn Show/Hide Shortcode versions 1.0.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can...

CVSS 6.5 · AI score 5.4 · EPSS 0.00334
Exploits 0 · References 3

CNNVD
added 2025/01/24 12:00 a.m. · 2 views

WordPress plugin Show/Hide Shortcode cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5 · AI score 7.9 · EPSS 0.00334
Exploits 0 · References 2

Positive Technologies
added 2025/01/24 12:00 a.m. · 2 views

PT-2025-5464 · Unknown · Machform Shortcode

Name of the Vulnerable Software and Affected Versions: MachForm Shortcode versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

CVSS 7.1 · AI score 6.9 · EPSS 0.00175
Exploits 0 · References 4

CNNVD
added 2025/01/24 12:00 a.m. · 2 views

WordPress plugin MachForm Shortcode cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 7.1 · AI score 8.6 · EPSS 0.00175
Exploits 0 · References 2

Positive Technologies
added 2025/01/24 12:00 a.m. · 6 views

PT-2025-2221 · WordPress · Precious Metals Charts/Widgets

Name of the Vulnerable Software and Affected Versions: Precious Metals Charts and Widgets for WordPress plugin versions 1.2.8 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6 · EPSS 0.00217
Exploits 0 · References 9

Positive Technologies
added 2025/01/24 12:00 a.m. · 3 views

PT-2025-2227 · WordPress · Simple Downloads List

Name of the Vulnerable Software and Affected Versions: Simple Downloads List plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns a SQL injection vulnerability via the category attribute of the neofix sdl shortcode. This vulnerability is due to insufficient...

CVSS 6.5 · AI score 7.7 · EPSS 0.00395
Exploits 0 · References 9