8996 matches found
CVE-2025-11803
The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...
CVE-2025-11801
The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' shortcode attribute of the 'audiotube' shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13135
The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11186
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookiesaccepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
CVE-2025-11186 Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookiesaccepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
CVE-2025-11186 Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookiesaccepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
WordPress Padlet Shortcode plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Padlet Shortcode versions = 1.3...
WordPress Tips Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Tips Shortcode versions = 0.2.1...
CVE-2025-12935
The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fluentcrmcontent' shortcode in all versions up to, and including, 2.9.84 due to insufficient input...
CVE-2025-12935 FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode
The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fluentcrmcontent' shortcode in all versions up to, and including, 2.9.84 due to insufficient input...
EUVD-2025-198413
The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...
EUVD-2025-198410
The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'phrases' shortcode attribute in all versions up to, and including, 2.12.2015. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11826
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11808
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11803
The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...
EUVD-2025-198385
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11808 Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11808
CVE-2025-11808 concerns the WordPress plugin “Shortcode for Google Street View” (Shortcode for Google Street View, plugin slug wp-google-street-view-shortcode). The vulnerability is a Stored Cross-Site Scripting (XSS) via the streetview shortcode, in all versions up to and including 0.5.7, caused...
CVE-2025-11808 Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Shortcode for Google Street View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'streetview' shortcode in all versions up to, and including, 0.5.7. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...