CVE-2025-7662
The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-7662
CVE-2025-7662 affects the WordPress plugin Gestion de tarifs (versions ≤ 1.4). The vulnerability is an SQL Injection via the tarif and intitule shortcodes caused by insufficient escaping and lack of prepared statements. Authenticated users with Contributor+ access can append additional SQL to exi...
CVE-2025-7662 Gestion de tarifs <= 1.4 - Authenticated (Contributor+) SQL Injection
The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
CVE-2025-8091 EventON Lite <= 2.4.6 - Authenticated (Contributor+) Information Disclosure
The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...
PT-2025-33465 · WordPress · Eventon Lite
Name of the Vulnerable Software and Affected Versions: EventON Lite versions prior to 2.4.7 Description: The EventON Lite plugin for WordPress is vulnerable to Information Exposure in versions prior to 2.4.7 via the add single eventon and add eventon shortcodes. Insufficient restrictions on post...
PT-2025-33461 · WordPress · Gestion De Tarifs
Name of the Vulnerable Software and Affected Versions: Gestion de tarifs plugin for WordPress versions prior to 1.5 Description: The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the tarif and intitule shortcodes due to insufficient escaping on user-supplied parameters...
CVE-2025-7502
The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-3075
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied...
WordPress Shortcodes Ultimate plugin cross-site scripting vulnerability
WordPress Shortcodes Ultimate plugin is a plugin for WordPress that provides a rich set of visual component features that allow users to insert a wide range of pre-defined shortcodes such as buttons, accordions, image rotations, etc. into post editors, text widgets, or template files, helping to...
CVE-2025-7369
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...
CVE-2025-7354
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-8015
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2025-8015
CVE-2025-8015 concerns the WordPress plugin “WP Shortcodes Plugin — Shortcodes Ultimate.” The vulnerability is a Stored Cross-Site Scripting (XSS) that arises from insufficient input sanitization and output escaping in image upload fields (Title and slide link). Affected versions include all up t...
CVE-2025-8015 Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...
WordPress plugin Shortcodes Ultimate cross-site scripting vulnerability
WordPress Shortcodes Ultimate plugin is a plugin for WordPress that provides a rich set of visual component features that allow users to insert a wide range of pre-defined shortcodes such as buttons, accordions, image rotations, etc. into post editors, text widgets, or template files, helping to...
PT-2025-30424 · WordPress · Shortcodes Ultimate
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate versions prior to 7.4.3 Description: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from insufficient input...
CVE-2025-7354
CVE-2025-7354 affects WordPress sites running the WP Shortcodes Plugin — Shortcodes Ultimate. The vulnerability is a Stored Cross-Site Scripting (XSS) in all versions up to 7.4.2 caused by insufficient input sanitization and output escaping on user-supplied attributes within shortcodes. Exploitat...