CVE-2025-46543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CharlyLeetham Enhanced Paypal Shortcodes enhanced-paypal-shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through = 0.5a...

PT-2025-22337 · WordPress · Wp Youtube Video Optimizer

Name of the Vulnerable Software and Affected Versions: WP YouTube Video Optimizer plugin for WordPress versions up to, and including, 1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ib youtube' shortcode due to insufficient input sanitization and output...

CVE-2025-46543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CharlyLeetham Enhanced Paypal Shortcodes enhanced-paypal-shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through = 0.5a...

CVE-2025-46543

CVE-2025-46543 describes a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Enhanced Paypal Shortcodes (versions

CVE-2025-46543 WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CharlyLeetham Enhanced Paypal Shortcodes enhanced-paypal-shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through = 0.5a...

CVE-2025-46543 WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a...

WordPress plugin Enhanced Paypal Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2024-12722

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-10075

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...

WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.16...

CVE-2024-10075

The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...

CVE-2025-47621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows Stored XSS.This issue affects Meks Flexible Shortcodes: from n/a through = 1.3.6...

CVE-2024-13793 Wolmart | Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution in wolmart_loadmore

The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2025-47621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows Stored XSS.This issue affects Meks Flexible Shortcodes: from n/a through = 1.3.6...

WordPress Meks Flexible Shortcodes plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Meks Flexible Shortcodes versions = 1.3.6...

CVE-2025-47621 WordPress Meks Flexible Shortcodes plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows Stored XSS.This issue affects Meks Flexible Shortcodes: from n/a through = 1.3.6...

CVE-2025-47621

CVE-2025-47621 affects Meks Flexible Shortcodes (WordPress plugin), with stored XSS due to improper input neutralization in web page generation. Affected versions are 1.3.6 and earlier. The vulnerability was labeled patched in the Wordfence vulnerability details, indicating a fix is available, th...

CVE-2025-47621 WordPress Meks Flexible Shortcodes plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows Stored XSS.This issue affects Meks Flexible Shortcodes: from n/a through = 1.3.6...

WordPress plugin Meks Flexible Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-20187 · Unknown · Meks Flexible Shortcodes

Name of the Vulnerable Software and Affected Versions: Meks Flexible Shortcodes versions 1.3.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to...