9013 matches found
CVE-2024-13583
The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'c2twsgwf' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12494
The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmltmeetingmap' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13680
The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CPEASYFORMWILLAPPEARHERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2024-13659
The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-2161 · WordPress · Post Grid
Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...
PT-2025-2211 · WordPress · Wp Google Street View
Name of the Vulnerable Software and Affected Versions: WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress version 1.1.3 and all versions prior to this. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode due ...
WordPress plugin Show/Hide Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-2221 · WordPress · Precious Metals Charts/Widgets
Name of the Vulnerable Software and Affected Versions: Precious Metals Charts and Widgets for WordPress plugin versions 1.2.8 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode due to insufficient input sanitization and output...
WordPress plugin MachForm Shortcode 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-2227 · WordPress · Simple Downloads List
Name of the Vulnerable Software and Affected Versions: Simple Downloads List plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns a SQL injection vulnerability via the category attribute of the neofix sdl shortcode. This vulnerability is due to insufficient...
PT-2025-1867 · WordPress · Bmlt Meeting Map
Name of the Vulnerable Software and Affected Versions: BMLT Meeting Map plugin for WordPress versions up to, and including, 2.6.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's bmlt meeting map shortcode. This...
PT-2025-5507 · Unknown · Lars Wallenborn Show/Hide Shortcode
Name of the Vulnerable Software and Affected Versions: Lars Wallenborn Show/Hide Shortcode versions 1.0.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that an attacker can...
PT-2025-5464 · Unknown · Machform Shortcode
Name of the Vulnerable Software and Affected Versions: MachForm Shortcode versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
CVE-2024-13593
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...
PT-2025-2237 · WordPress · Listamester
Name of the Vulnerable Software and Affected Versions: Listamester plugin for WordPress versions up to and including 2.3.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-2226 · WordPress · Bmlt Meeting Map
Name of the Vulnerable Software and Affected Versions: BMLT Meeting Map plugin for WordPress versions up to, and including, 2.6.0 Description: The issue allows authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server via the bmlt meeti...
PT-2025-2122 · WordPress · Mdtf
Name of the Vulnerable Software and Affected Versions: MDTF – Meta Data and Taxonomies Filter plugin for WordPress versions up to, and including, 1.3.3.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mdf results by ajax' shortcode due to insufficient input...
PT-2025-2243 · WordPress · Form Builder
Name of the Vulnerable Software and Affected Versions: Form Builder CP plugin for WordPress versions up to and including 1.2.41 Description: The issue is related to SQL Injection via the id parameter of the "CP EASY FORM WILL APPEAR HERE" shortcode. This is due to insufficient escaping on the...
CVE-2025-23449
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through = 1.3.2...
CVE-2025-23449 WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2...