8992 matches found
CVE-2025-47600
CVE-2025-47600 affects WoodMart (xtemos WoodMart theme) up to version 8.3.7. Description notes a Basic XSS via improper neutralization of script-related HTML tags enabling Code Injection in WoodMart pages. Connected sources show concrete details: affected product WoodMart; vulnerability type Basi...
WordPress Textmetrics plugin <= 3.6.4 - Content Injection vulnerability
Content Injection vulnerability discovered by theviper17 in WordPress Plugin Textmetrics versions = 3.6.4...
WordPress Gotham Block Extra Light plugin path traversal vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. A path traversal vulnerability exists in the WordPress Gotham Block Extra Light plugin, which stems from the mishandling of the ghostban shortcode, and...
WordPress SpiceForms Form Builder plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SpiceForms Form Builder plugin, which stems from the lack of effective filtering and escaping of user-supplied data ...
CVE-2025-8615
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...
CVE-2025-8615
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-0913
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
EUVD-2026-3142
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8615
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8615 CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8615
CVE-2025-8615 affects the CubeWP Framework (WordPress) and is a Stored Cross‑Site Scripting via the cubewp_shortcode_taxonomy shortcode in all versions up to and including 1.1.26. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authe...
CVE-2025-8615 CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-3357
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewp shortcode taxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-0913
CVE-2026-0913 affects the WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End. It enables Stored Cross-Site Scripting via the usp_access shortcode due to insufficient input sanitization/output escaping on user-supplied attributes. Valid for all versions up to a...
CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...
CVE-2026-0916
The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'relatedpostsbytax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2026-0916 Related Posts by Taxonomy <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode
The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'relatedpostsbytax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2026-0916 Related Posts by Taxonomy <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode
The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'relatedpostsbytax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
PT-2026-3225
The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related posts by tax' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...