WordPress Page Expire Popup/Redirection for WordPress plugin <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute vulnerability

Authenticated Author+ SQL Injection via 'id' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Page Expire Popup/Redirection for WordPress versions = 1.0...

WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DeepDigital versions = 1.0.2...

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...

CVE-2025-62760

CVE-2025-62760 refers to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in the BuddyPress Activity Shortcode plugin. According to the Wordfence Vulnerability report, the affected component is the BuddyPress Activity Shortcode, with versions up to and including 1.1.8. It is categ...

WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BuddyPress Activity Shortcode versions = 1.1.8...

WordPress Bold Timeline Lite plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Parameter in 'boldtimelinegroup' Shortcode vulnerability discovered by zaim in WordPress Plugin Bold Timeline Lite versions = 1.2.7...

WordPress FunnelKit plugin <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wfopphone Shortcode vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit versions = 3.13.1.2...

WordPress WishSuite plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttontext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WishSuite versions = 1.5.1...

WordPress SecuPress Free - WordPress Security plugin <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode vulnerability

WordPress SecuPress Free - WordPress Security plugin = 2.2.5.3 - Authenticated Contributor+ Stored Cross-Site Scripting via secupresscheckbanipsform Shortcode vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin SecuPress Free versions = 2.2.5.3...

WordPress Booking Calendar plugin <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Booking Calendar versions = 10.14.6...

WordPress Ultimate Member plugin <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultimate Member versions = 2.11.0...

WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter vulnerability

Unauthenticated Local File Inclusion via 'shortcodename' Parameter vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Extensive VC Addons for WPBakery page builder versions = 1.9.1...

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability discovered by Gilang - DJ in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions = 5.25.11...

WordPress Live Composer plugin <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode vulnerability

Authenticated Contributor+ PHP Object Injection via dslcmodulepostsoutput Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page Builder: Live Composer versions = 2.0.2...

WordPress WP Easy FAQs plugin <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via WPEASYFAQ Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Easy FAQs versions = 1.0.5...

WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability

WordPress Master Slider - Responsive Touch Slider plugin = 3.10.6 - Authenticated Contributor+ Stored Cross-Site Scripting via mslayer Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Master Slider versions = 3.10.6...

WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions = 1.2.19...