CVE-2025-13738
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13612
The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2025-13732
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...
CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-14851
CVE-2025-14851 concerns YaMaps for WordPress Plugin (YaMaps for WordPress) for WordPress. The vulnerability is a Stored Cross-Site Scripting via the yamap shortcode parameters present in all versions up to and including 0.6.40. The issue stems from insufficient input sanitization and output escap...
CVE-2026-0549 Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13738 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13738
CVE-2025-13738 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Easy Table of Contents (ez-toc shortcode) affecting versions up to 2.0.78. The issue arises from insufficient input sanitization and output escaping on user-provided attributes, enabling an authenticated ...
CVE-2026-0556 XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13612 Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode
The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2025-13612
CVE-2025-13612 affects the WordPress plugin “Album and Image Gallery Plus Lightbox” (versions up to and including 2.1.7). The vulnerability is a Stored Cross-Site Scripting via the aigpl-gallery-album shortcode due to insufficient input sanitization and output escaping on user-supplied attributes...
CVE-2025-13732
CVE-2025-13732 concerns the WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (versions through 251005). The issue is a Stored Cross-Site Scripting flaw via the shortcode parameter s2Eot, caused by insufficient input sa...
CVE-2025-13732 s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...
WordPress Groups plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Groups versions <= 3.10.0...
WordPress YaMaps for WordPress plugin <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YaMaps for WordPress versions <= 0.6.40...
WordPress plugin Album and Image Gallery plus Lightbox cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...