PT-2025-5123 · WordPress · Easy Shortcode Buttons
Name of the Vulnerable Software and Affected Versions: Easy Shortcode Buttons versions n/a through 1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicio...
WordPress plugin Shortcode in Comment cross-site request forgery vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerabilit...
PT-2025-4995 · Unknown · Pflonk Sidebar-Content From Shortcode
Name of the Vulnerable Software and Affected Versions: pflonk Sidebar-Content from Shortcode versions prior to 2.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This problem enabl...
WordPress plugin Horizontal Line Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress plugin Twitter Shortcode cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-1617 · WordPress · The Motors – Car Dealer
Name of the Vulnerable Software and Affected Versions: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress versions 1.4.43 and earlier Description: The issue allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes due to the software...
PT-2025-5223 · Unknown · Enhanced Youtube Shortcode
Name of the Vulnerable Software and Affected Versions: Enhanced YouTube Shortcode versions prior to 2.0.1 le Pixel Solitaire Enhanced YouTube Shortcode versions prior to 2.0.1 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-si...
PT-2025-2146 · WordPress · Wp Responsive Tabs
Name of the Vulnerable Software and Affected Versions: WP Responsive Tabs plugin for WordPress versions up to, and including, 1.2.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode due to insufficient input sanitization and output escaping on...
CVE-2025-22743
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode twitter-bootstrap-collapse-aka-accordian-shortcode allows DOM-Based XSS. This issue affects Twitter Bootstrap Collapse aka Accordian...
WordPress Motors plugin <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title vulnerability
Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title vulnerability discovered by WordFence in WordPress Plugin Motors versions <= 1.4.43...
WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh (Patchstack Alliance) in WordPress Plugin Contact Form With Shortcode versions <= 4.2.5...
CVE-2024-12593 PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode
The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-12593
CVE-2024-12593 affects the WordPress plugin PDF for WPForms + Drag and Drop Template Builder. It is a Stored Cross-Site Scripting vulnerability in the yeepdf_dotab shortcode caused by insufficient input sanitization and output escaping on user-provided attributes. Impact: authenticated attackers ...
CVE-2024-10775 Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Twitter Bootstrap Collapse aka Accordian...
PT-2025-2151 · WordPress · Viewmedica
Name of the Vulnerable Software and Affected Versions: ViewMedica 9 plugin for WordPress versions up to, and including, 1.4.15 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode due to insufficient input sanitization and output escaping on...
WordPress PDF for WPForms plugin <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin PDF for WPForms versions <= 4.6.0...
WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Twitter Bootstrap Collapse aka Accordian Shortcode versions <= 1.0...
CVE-2024-13323
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-2109 · WordPress · Wp Booking Calendar
Name of the Vulnerable Software and Affected Versions: WP Booking Calendar versions up to and including 10.9.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'booking' shortcode due to insufficient input sanitization and output escaping on user-supplied...