2096 matches found
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'titletag' vulnerability discovered by WordFence in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via accordions Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.3...
WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...
WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Modern Heading Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Unauthenticated Draft Posts Information Exposure vulnerability
Unauthenticated Draft Posts Information Exposure vulnerability discovered by Nguyen C in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...
CVE-2026-1099
The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-1257
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...
CVE-2026-0633
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without...
CVE-2026-1099
The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-1257
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...
CVE-2026-1099 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes
The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-1099 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes
The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-1099
The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-1099
CVE-2026-1099 refers to the WordPress plugin Administrative Shortcodes (
CVE-2025-14903 Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update
The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
CVE-2025-14903 Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update
The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
CVE-2026-1257 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...
CVE-2026-1257
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...