CVE-2024-6718

The CVE-2024-6718 entry concerns the PVN Auth Popup WordPress plugin (versions

CVE-2024-5440

Affected software: WordPress plugin If-So Dynamic Content Personalization, versions prior to 1.8.0.3. Vulnerability: The plugin does not validate and escape certain shortcode attributes before outputting them on the page/post where the shortcode is embedded, enabling Stored XSS if exploited. Impa...

CVE-2024-12722

CVE-2024-12722 affects the WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode, alleging Stored Cross-Site Scripting via shortcode attributes in versions

CVE-2024-11502

The CVE concerns the Planning Center Online Giving WordPress plugin (versions 1.0.0 and earlier). The vulnerability is due to unvalidated and unescaped shortcode attributes being echoed in pages/posts, enabling Stored XSS for users with the contributor role and above. Impact is described as store...

WordPress plugin PVN Auth Popup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-21494 · WordPress · Pvn Auth Popup

Name of the Vulnerable Software and Affected Versions: PVN Auth Popup WordPress plugin versions 1.0.0 and earlier Description: The issue concerns the PVN Auth Popup WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or...

CVE-2025-2279

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-2279

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-2279 Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-2279 Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-2279

The CVE-2025-2279 entry concerns the Maps WordPress plugin (versions up to 1.0.6). The issue is that the plugin does not validate and escape certain shortcode attributes before output, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting (XSS) via the...

WordPress plugin Maps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-10563

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVE-2024-10563

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10563 WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

PT-2025-8670 · WordPress · Woocommerce Cart Count Shortcode

Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode WordPress plugin versions prior to 1.1.0 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-12308 Logo Slider < 4.6.0 - Contributor+ Stored XSS

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...