WordPress plugin Toggles Shortcode and Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

PT-2025-1690 · WordPress · Sell Media

Name of the Vulnerable Software and Affected Versions: Sell Media plugin for WordPress versions up to and including 2.5.8.5 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the sell media...

PT-2025-1849 · WordPress · Marketplace Items

Name of the Vulnerable Software and Affected Versions: Marketplace Items plugin for WordPress versions up to, and including, 1.5.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'marketplace' shortcode. This allow...

PT-2025-3735 · WordPress · The Social Rocket – Social Sharing Plugin

Name of the Vulnerable Software and Affected Versions: Social Rocket – Social Sharing Plugin versions up to and including 1.3.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the socialrocket-floating shortcode. This allows...

PT-2025-1904 · WordPress · Sellsy Plugin

Name of the Vulnerable Software and Affected Versions: Sellsy plugin for WordPress versions prior to 2.3.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode due to insufficient input sanitization and output escaping on user-supplied attribute...

PT-2025-1650 · WordPress · Common Ninja

Name of the Vulnerable Software and Affected Versions: Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to stored cross-site scripting due to insufficient input...

PT-2025-1870 · WordPress · Wp Jquery Datatable

Name of the Vulnerable Software and Affected Versions: WP jQuery DataTable plugin for WordPress versions up to, and including, 4.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wp jdt' shortcode due to insufficient input sanitization and output escaping on...

PT-2025-1686 · WordPress · App Embed

Name of the Vulnerable Software and Affected Versions: App Embed plugin for WordPress versions up to and including 2.3.2 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'appizy'...

PT-2025-4546 · Unknown · Smoothness Slider Shortcode

Name of the Vulnerable Software and Affected Versions: Smoothness Slider Shortcode versions n/a through v1.2.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended...

PT-2025-1590 · WordPress · Fancypost

Name of the Vulnerable Software and Affected Versions: FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress versions up to, and including, 6.0.0 Description: The issue is related to unauthorized access of data due to a missing...

WordPress plugin Tabs Shortcode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-4549 · Unknown · Mcjh Button Shortcode

Name of the Vulnerable Software and Affected Versions: mcjh button shortcode versions 1.6.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...

PT-2025-1885 · WordPress · Wordpress Survey & Poll

Name of the Vulnerable Software and Affected Versions: WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to 1.7.5 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes ...

PT-2025-1657 · WordPress · Image Magnify

Name of the Vulnerable Software and Affected Versions: Image Magnify plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'image magnify' shortcode due to insufficient input sanitization and output escaping on...

PT-2025-1856 · WordPress · Yogo Booking

Name of the Vulnerable Software and Affected Versions: YOGO Booking plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the yogo-calenda...

PT-2025-1852 · WordPress · Rightmessage Wp

Name of the Vulnerable Software and Affected Versions: RightMessage WP plugin for WordPress versions up to, and including, 0.9.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rm area' shortcode due to insufficient input sanitization and output escaping on...

PT-2025-1855 · WordPress · Chat Support For Viber

Name of the Vulnerable Software and Affected Versions: Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'vchat'...

PT-2025-1839 · WordPress · Cf7 Wow Styler

Name of the Vulnerable Software and Affected Versions: The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress versions prior to 1.7.1 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value befor...

PT-2025-1710 · WordPress · Slider Pro Lite

Name of the Vulnerable Software and Affected Versions: Slider Pro Lite plugin for WordPress versions up to, and including, 1.4.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's sliderpro shortcode. This allows...

WordPress Marketplace Items plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Marketplace Items versions = 1.5.5...