8984 matches found
WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...
WordPress FuseDesk plugin <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin FuseDesk versions = 6.8...
WordPress Any Post Slider plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'posttype' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Any Post Slider versions = 1.0.4...
WordPress Go Night Pro | WordPress Dark Mode Plugin plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Go Night Pro versions = 1.1.0...
WordPress Sherk Custom Post Type Displays plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Sherk Custom Post Type Displays versions = 1.2.1...
WordPress Integration with Hubspot Forms plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Integration with Hubspot Forms versions = 1.2.2...
WordPress Twitter Feeds plugin <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute vulnerability
Authenticated Contributor+ Cross-Site Scripting via 'tweettitle' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Twitter Feeds versions = 1.0.0...
WordPress Simple Football Scoreboard plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Football Scoreboard versions = 1.0...
WordPress Outgrow plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute vulnerability discovered by theviper17y in WordPress Plugin Outgrow versions = 2.1...
WordPress WordPress PayPal Donation plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'amount' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin WordPress PayPal Donation versions = 1.01...
WordPress Text Toggle plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Text Toggle versions = 1.1...
WordPress WP Games Embed plugin <= 0.1beta - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Games Embed versions = 0.1beta...
WordPress Sheets2Table plugin <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'titles' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Sheets2Table versions = 0.4.1...
WordPress Show Posts list plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Show Posts list versions = 1.1.0...
WordPress WP Random Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'cat' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin WP Random Button versions = 1.0...
WordPress Ecover Builder For Dummies plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ecover Builder For Dummies versions = 1.0...
WordPress Scoreboard for HTML5 Games Lite plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Scoreboard for HTML5 Games Lite versions = 1.2...
EUVD-2026-14162
The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in all versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the 'title' attribute of the...
EUVD-2026-14010
The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...
EUVD-2026-14172
The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...