CVE-2025-14721 Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-14721 Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress FiboSearch – Ajax Search for WooCommerce plugin <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via thegemtesearch Shortcode vulnerability discovered by zaim in WordPress Plugin FiboSearch versions = 1.32.0...

WordPress Responsive and Swipe slider plugin <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Bhumividh Treloges in WordPress Plugin RESPONSIVE AND SWIPE SLIDER! versions = 1.0.2...

CVE-2025-13730

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openidconnectgenericauthurl' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-11747 Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11747 Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-14449 BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode

The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, 1.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-52435

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri blog posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Colibri Page Builder plugin <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Colibri Page Builder versions = 1.0.345...

WordPress BA Book Everything plugin <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BA Book Everything versions = 1.8.14...

CVE-2025-13730

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openidconnectgenericauthurl' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2025-204252

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openidconnectgenericauthurl' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13730

CVE-2025-13730 concerns the OpenID Connect Generic Client for WordPress. The Wordfence entry states a Stored Cross-Site Scripting (XSS) vulnerability via the shortcode openid_connect_generic_auth_url, affecting all versions up to 3.10.0, and requires an attacker to have Contributor-level access o...

CVE-2025-13730 OpenID Connect Generic Client <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openidconnectgenericauthurl' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-13730 OpenID Connect Generic Client <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openidconnectgenericauthurl' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-12976

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVE-2025-12976 Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVE-2025-12976 Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

PT-2025-52210

The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openid connect generic auth url' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for...