2096 matches found
WordPress plugin Memberlite Shortcodes 安全漏洞
WordPress Memberlite Shortcodes plugin is a plugin used to extend the functionality of the theme, mainly used to add additional features to the WordPress theme, such as content display controls, layout tools, etc., while allowing users to use specific features without completely replacing the...
WordPress Social Media Shortcodes plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Social Media Shortcodes versions = 1.3.1...
CVE-2025-9061
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9058
The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9061
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9058
CVE-2025-9058 affects Mikado Core for WordPress (versions up to 1.5.2). It enables Stored Cross-Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; Wordfence data lists CVSS ...
CVE-2025-9058 Mikado Core <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9058 Mikado Core <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9061
CVE-2025-9061 affects the WordPress Wilmer Core plugin up to version 2.4.5, enabling Stored Cross-Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires contributor+ privileges and user interaction is not needed; impact could allo...
CVE-2025-9061 Wilmer Core <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9061 Wilmer Core <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9489
The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...
CVE-2025-9489
CVE-2025-9489 affects the WP-Members Membership Plugin for WordPress. The vulnerability allowsAuthenticated users with Subscriber+ to execute arbitrary shortcodes via do_shortcode due to insufficient input validation in profile-related shortcode handling. Impact is arbitrary shortcode execution w...
CVE-2025-9489 WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names
The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...
CVE-2025-9489 WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names
The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...
PT-2025-36572
Name of the Vulnerable Software and Affected Versions: Mikado Core plugin for WordPress versions up to and including 1.5.2 Description: The Mikado Core plugin for WordPress is susceptible to Stored Cross-Site Scripting through shortcodes due to inadequate input sanitization and output escaping of...
CVE-2025-9057
The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2025-8684
The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-7366
The CVE-2025-7366 entry concerns the REHub - Price Comparison, Multi Vendor Marketplace WordPress Theme. According to multiple sources in the connected documents, versions up to and including 19.9.7 are affected by an unauthenticated arbitrary shortcode execution flaw triggered via re_filterpost,...
PT-2025-36347
Name of the Vulnerable Software and Affected Versions: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to arbitrary shortcode execution...