228 matches found
CVE-2025-11704
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2025-11870
The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...
EUVD-2025-35332
The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...
CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...
WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. A WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...
WordPress plugin BlindMatrix e-Commerce security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. A WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...
EUVD-2022-52018
Malicious code in bioql PyPI...
EUVD-2022-51973
Malicious code in bioql PyPI...
EUVD-2022-51730
Malicious code in bioql PyPI...
EUVD-2023-12181
Malicious code in bioql PyPI...
EUVD-2023-12138
Malicious code in bioql PyPI...
EUVD-2022-52085
Malicious code in bioql PyPI...
EUVD-2022-52086
Malicious code in bioql PyPI...
EUVD-2022-52087
Malicious code in bioql PyPI...
CVE-2025-9057
The CVE-2025-9057 entry concerns Biagiotti Core for WordPress, vulnerable to Stored Cross-Site Scripting via shortcode attributes in versions up to 2.1.3 due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with Contributor+ permissions, who ...
WordPress plugin Easy Timer code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A code injection...
CVE-2024-4705
The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2023-0220
The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks...
CVE-2023-0431
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2023-0033
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...