2096 matches found
PT-2026-7500
The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
WordPress HTML Shortcodes plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin HTML Shortcodes versions = 1.1...
CVE-2025-15477
The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...
EUVD-2025-206892
The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-15491 Post Slides <= 1.0.1 - Contributor+ Local File Inclusion
The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks...
WordPress plugin Video Onclick 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Wikiloops Track Player 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Wonka Slide 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-0867
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-0867
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-0867 Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-0867
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...
EUVD-2026-5538
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-0867
CVE-2026-0867 affects the WordPress Essential Widgets plugin (versions up to and including 3.0). The issue is Stored Cross-Site Scripting in the ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes caused by insufficient input sanitization and output escaping on user-supplied attri...
WordPress Essential Widgets plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Shortcodes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Essential Widgets versions = 3.0...
PT-2026-5886
Name of the Vulnerable Software and Affected Versions SportsPress plugin for WordPress versions through 2.7.26 Description The SportsPress plugin for WordPress is susceptible to Local File Inclusion via the 'template name' attribute within shortcodes. This allows authenticated attackers with...
WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions = 1.0.4...
WordPress Social Media Shortcodes plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Social Media Shortcodes versions = 1.3.0...
WordPress Snippet Shortcodes plugin <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion vulnerability
Authenticated Subscriber+ Shortcode Deletion vulnerability discovered by theviper17y in WordPress Plugin Snippet Shortcodes versions = 4.1.6...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Staff Widget vulnerability discovered by zer0gh0st in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.2...