8996 matches found
CVE-2025-12649 SortTable Post <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The SortTable Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the sorttablepost shortcode in all versions up to, and including, 4.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...
CVE-2025-12649
The CVE-2025-12649 entry concerns the WordPress plugin SortTable Post. A Stored Cross-Site Scripting (XSS) flaw exists in the sorttablepost shortcode’s id attribute due to insufficient input sanitization and output escaping in versions up to 4.2. Exploitation requires authenticated access at cont...
CVE-2025-12713 Soundslides <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Shortcode
The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2025-12713
CVE-2025-12713 affects the WordPress plugin Soundslides, vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to and including 1.4.2. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated ...
CVE-2025-12712 Shouty <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes
The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-12712 Shouty <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes
The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-12712
CVE-2025-12712 (Shouty WordPress plugin) vulnerable in all versions up to 0.2.1 due to insufficient input sanitization and output escaping on shouty shortcode attributes, enabling stored cross-site scripting. Exploitation requires authenticated access at Contributor level or higher; an attacker c...
CVE-2025-12666
CVE-2025-12666 in the WordPress plugin “Google Drive upload and download link” is a Stored Cross‑Site Scripting flaw via the 'link' parameter of the atachfilegoogle shortcode. Root cause: insufficient input sanitization and output escaping. Affected since versions up to and including 1.0. Impact:...
PT-2025-48219
The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-48220
The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'twitpic' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-48221
The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
PT-2025-48222
The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
WordPress plugin SortTable Post 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress SortTable Post plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SortTable Post versions = 4.2...
WordPress Shouty plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shouty versions = 0.2.1...
CVE-2025-12645
The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12645
The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-199568
The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12645
The CVE-2025-12645 entry concerns the WordPress Inline frame – Iframe plugin (versions
CVE-2025-12645 Inline frame – Iframe <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...