CVE-2025-62110

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3...

CVE-2025-62110 WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3...

CVE-2025-62110 WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3...

WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Rescue Shortcodes versions = 3.3...

PT-2026-34655

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3...

WordPress plugin Rescue Shortcodes 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-4279 Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The...

PT-2026-34299

Name of the Vulnerable Software and Affected Versions Bread & Butter versions prior to 8.2.0.26 Description Stored Cross-Site Scripting is possible via the 'breadbutter-customevent-button' shortcode. The customEventShortCodeButton function fails to apply proper input sanitization and output...

PT-2026-33600

The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content block shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-create...

CVE-2026-3885

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subox' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2026-3885

The CVE concerns the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate . It reports a Stored Cross-Site Scripting (XSS) flaw via the 'su_box' shortcode in all versions up to and including 7.4.9 , caused by insufficient input sanitization and output escaping of user-supplied attributes. ...

CVE-2026-3885 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subox' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin CodeColorer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Shortcodes Ultimate 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-33246

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode vulnerability

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via subox Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions = 7.4.9...

EUVD-2026-22223

The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2026-3017 Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...

CVE-2026-3017

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...

EUVD-2026-22205

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's surbma-bookingcom shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...