PT-2026-1607
Name of the Vulnerable Software and Affected Versions: Smart App Banners plugin for WordPress versions prior to 1.3. Description: The Smart App Banners plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...
PT-2026-1625
Name of the Vulnerable Software and Affected Versions: EDD Download Info plugin for WordPress versions prior to 1.2. Description: The EDD Download Info plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'edd download info link' shortcode. Insufficient input sanitization a...
PT-2026-1632
Name of the Vulnerable Software and Affected Versions: The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress versions through 1.0.5. Description: The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...
PT-2026-1615
Name of the Vulnerable Software and Affected Versions: Wish To Go plugin for WordPress versions up to and including 0.5.2. Description: The Wish To Go plugin for WordPress is susceptible to Stored Cross-Site Scripting through shortcode attributes. Insufficient input sanitization and output escaping ...
PT-2026-1560
Name of the Vulnerable Software and Affected Versions: WP Photo Album Plus plugin for WordPress versions up to and including 9.1.05.008. Description: The WP Photo Album Plus plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the shortcode parameter. Insufficient input...
WordPress Travel Bucket List plugin <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by ChamlaVic in WordPress Plugin Wish To Go versions <= 0.5.2...
WordPress Snillrik Restaurant plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Snillrik Restaurant versions <= 2.2.1...
WordPress AD Sliding FAQ plugin <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AD Sliding FAQ versions <= 2.4...
WordPress Niche Hero | Beautifully-designed blocks in seconds plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Niche Hero versions <= 1.0.5...
WordPress QR Code for WooCommerce order emails, PDF invoices, packing slips plugin <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin QR Code Tag for WC versions <= 1.9.42...
WordPress STM Gallery 1.9 plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin STM Gallery 1.9 versions <= 0.9...
WordPress EDD Download Info plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin EDD Download Info versions <= 1.1...
WordPress AI BotKit plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin AI BotKit versions <= 1.1.7...
WordPress PhotoFade plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin PhotoFade versions <= 0.2.1...
CVE-2025-14552 MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode
The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-14552
CVE-2025-14552 affects the WordPress MediaPress plugin (MediaPress) and is a Stored Cross-Site Scripting vulnerability in the mpp-uploader shortcode, exploitable in all versions up to 1.6.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, allowin...
CVE-2025-14153 Page Expire Popup/Redirection for WordPress <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute
The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2025-14153
CVE-2025-14153 is a WordPress plugin vulnerability in Page Expire Popup/Redirection for WordPress. The issue is a time-based SQL Injection via the shortcode attribute id in versions up to 1.0, caused by insufficient escaping and lack of proper query preparation. Exploitation requires authenticat...
PT-2026-1428
Name of the Vulnerable Software and Affected Versions: MediaPress plugin for WordPress versions up to and including 1.6.1. Description: The MediaPress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the mpp-uploader shortcode. This is due to inadequate input sanitization a...