CVE-2025-2802

The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-3510

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

WordPress Widgets as Shortcodes plugin <= 5.9.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Widgets as Shortcodes versions = 5.9.10...

CVE-2025-39581

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Shortcodes themify-shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through = 2.1.3...

CVE-2025-39574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Stored XSS.This issue affects Uix Shortcodes: from n/a through = 2.0.4...

CVE-2025-39528

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rescue Themes Rescue Shortcodes rescue-shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through = 3.1...

CVE-2025-24621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.15...

CVE-2025-3472

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-24621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.15...

CVE-2025-24621 WordPress Arconix Shortcodes plugin <= 2.1.15 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.15...

CVE-2025-24621 WordPress Arconix Shortcodes plugin <= 2.1.15 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.15...

CVE-2025-24621

The CVE-2025-24621 entry concerns the WordPress plugin Arconix Shortcodes (versions up to and including 2.1.15). The root cause is Improper Neutralization of Input During Web Page Generation, i.e., a Reflected Cross-Site Scripting (XSS) vulnerability. Affected component: Arconix Shortcodes; the v...

WordPress plugin Arconix Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-17038 · Unknown · Arconix Shortcodes

Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes versions 2.1.15 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

WordPress Uix Shortcodes plugin <= 2.0.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Uix Shortcodes versions = 2.0.4...

WordPress Themify Shortcodes plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Themify Shortcodes versions = 2.1.3...

CVE-2025-39574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Stored XSS.This issue affects Uix Shortcodes: from n/a through = 2.0.4...

CVE-2025-39581

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Shortcodes themify-shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through = 2.1.3...

CVE-2025-39528

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 3.1...