8997 matches found
CVE-2025-11812
CVE-2025-11812 : Reuse Builder (WordPress)
CVE-2025-11704 Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2025-11704 Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-12324
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-12324
CVE-2025-12324 affects the WordPress plugin TablePress (versions up to 3.2.3). The vulnerability is a Stored Cross-Site Scripting via table shortcode attributes caused by insufficient input sanitization and output escaping. Exploitation requires at least contributor-level access; an attacker can ...
CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
PT-2025-44915
Name of the Vulnerable Software and Affected Versions TablePress versions up to and including 3.2.3 Description The TablePress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the table shortcode attributes. Insufficient input sanitization and output escaping on...
PT-2025-44948
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
PT-2025-44940
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reuse builder single post title' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible fo...
PT-2025-44935
Name of the Vulnerable Software and Affected Versions Elegance Menu versions prior to 2.0 Description The Elegance Menu plugin for WordPress is susceptible to Local File Inclusion in versions up to and including 1.9. An authenticated attacker with Contributor-level access or higher can exploit th...
WordPress WPCOM Member plugin <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin WPCOM Member versions = 1.7.14...
CVE-2025-11502
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-11377
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-6988
The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-6988
CVE-2025-6988 affects the WordPress KALLYAS theme. The vulnerability is a stored cross-site scripting (XSS) in the KALLYAS theme via several shortcodes, exploitable on versions
EUVD-2025-37419
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
EUVD-2025-37418
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...