CVE-2026-0563 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode

The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2026-0563

CVE-2026-0563 affects the WordPress plugin “WP Google Street View (with 360° virtual tour) & Google maps + Local SEO” and the vulnerability is a Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the wpgsv_map shortcode. The flaw enables an attacker with at ...

CVE-2026-0563 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode

The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...

WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WoodMart versions = 8.3.7...

WordPress plugin Nearby Now Reviews 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-1961

Name of the Vulnerable Software and Affected Versions WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress versions through 1.1.8 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping...

PT-2026-1726

Name of the Vulnerable Software and Affected Versions The Tooltip plugin for WordPress versions up to and including 1.0.2 Description The Tooltip plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'the tooltip' shortcode. Insufficient input sanitization and output...

PT-2026-1718

Name of the Vulnerable Software and Affected Versions Curved Text versions prior to 0.1 Description The Curved Text plugin for WordPress is susceptible to Stored Cross-Site Scripting through the radius parameter of the arctext shortcode. Insufficient input sanitization and output escaping allow...

PT-2026-1725

Name of the Vulnerable Software and Affected Versions PullQuote versions prior to 1.1 Description The PullQuote plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'pullquote' shortcode. Insufficient input sanitization and output escaping on user-supplied attributes...

WordPress plugin Woodpecker for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-1710

Name of the Vulnerable Software and Affected Versions Entry Views versions prior to 1.0.1 Description The Entry Views plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'entry-views' shortcode. Insufficient input sanitization and output escaping on user-supplied...

PT-2026-1717

Name of the Vulnerable Software and Affected Versions Nearby Now Reviews plugin for WordPress versions up to and including 5.2 Description The Nearby Now Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting through the data tech parameter of the nn-tech shortcode. Insufficie...

WordPress plugin WP Popup Magic 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Autogen Headers Menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-1729

Name of the Vulnerable Software and Affected Versions Woodpecker for WordPress plugin versions up to and including 3.0.4 Description The Woodpecker for WordPress plugin is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the form na...

PT-2026-1724

Name of the Vulnerable Software and Affected Versions WP Popup Magic plugin for WordPress versions prior to 1.0.1 Description The WP Popup Magic plugin for WordPress is susceptible to Stored Cross-Site Scripting through the name parameter of the wppum end shortcode. Insufficient input sanitizatio...

PT-2026-1708

Name of the Vulnerable Software and Affected Versions Autogen Headers Menu plugin for WordPress versions up to and including 1.0.1 Description The Autogen Headers Menu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head class parameter of the autogen menu shortcode...

WordPress Debt.com Business in a Box plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Debt.com Business in a Box versions = 4.1.0...

WordPress Menu Card plugin <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Menu Card versions = 0.8.0...

WordPress Curved Text plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Curved Text versions = 0.1...