CVE-2025-11873 WP BBCode <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2025-11874 Slippy Slider – Responsive Touch Navigation Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slippy-slider' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVE-2025-11874 Slippy Slider – Responsive Touch Navigation Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slippy-slider' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVE-2025-11822 WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11822 WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11822

The CVE-2025-11822 vulnerability affects the WordPress plugin WP Bootstrap Tabs (versions ≤ 1.0.4). It is a Stored Cross-Site Scripting (XSS) via the bootstrap_tab shortcode caused by insufficient input sanitization and output escaping of user attributes. Impact: authenticated attackers with cont...

WordPress Chart Expert plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Chart Expert versions = 1.0...

WordPress Coon Google Maps plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Coon Google Maps versions = 1.0...

PT-2025-46291

Name of the Vulnerable Software and Affected Versions WP Count Down Timer plugin for WordPress versions up to and including 1.0.1 Description The WP Count Down Timer plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters of the wp countdown timer shortcode...

PT-2025-46290

Name of the Vulnerable Software and Affected Versions GitHub Gist Shortcode Plugin for WordPress versions through 0.2 Description The GitHub Gist Shortcode Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the id parameter of the 'gist' shortcode. Insufficient input...

PT-2025-46271

Name of the Vulnerable Software and Affected Versions Authors List plugin for WordPress versions prior to 2.0.6.2 Description The Authors List plugin for WordPress is susceptible to sensitive information exposure. Authenticated attackers with Contributor-level access or higher can exploit this...

PT-2025-46296

Name of the Vulnerable Software and Affected Versions Geopost plugin for WordPress versions prior to 1.3 Description The Geopost plugin for WordPress is susceptible to Stored Cross-Site Scripting through the height parameter of the 'geopost' shortcode. This is caused by inadequate input...

PT-2025-46283

Name of the Vulnerable Software and Affected Versions Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress versions through 1.0.11 Description The software is susceptible to Stored Cross-Site Scripting through the 'nonaki' shortcode. This is a result of inadequate inp...

WordPress plugin Flickr Show 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-46292

Name of the Vulnerable Software and Affected Versions WP-Iconics plugin for WordPress versions prior to 0.0.5 Description The WP-Iconics plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters of the wp iconics shortcode. Insufficient input sanitization and...

PT-2025-46254

Name of the Vulnerable Software and Affected Versions Five9 Live Chat plugin for WordPress versions through 1.1.2 Description The Five9 Live Chat plugin for WordPress is susceptible to Stored Cross-Site Scripting through the toolbar attribute within the five9-chat shortcode. This occurs because o...

WordPress plugin Chart Expert 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Chart Expert, which stems...

PT-2025-46260

Name of the Vulnerable Software and Affected Versions WP BBCode plugin for WordPress versions up to and including 1.8.1 Description The WP BBCode plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'url' shortcode. This is due to inadequate input sanitization and output...

PT-2025-46252

Name of the Vulnerable Software and Affected Versions WP Bootstrap Tabs versions prior to 1.0.5 Description The WP Bootstrap Tabs plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'bootstrap tab' shortcode. Insufficient input sanitization and output escaping of...

WordPress plugin Jeba Cute forkit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...