2096 matches found
WordPress plugin IG Shortcodes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin WP-Recall security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-0370
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-0370 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-0370
CVE-2025-0370 refers to a stored XSS in the WordPress plug-in "WP Shortcodes Plugin — Shortcodes Ultimate" (versions up to 7.3.3). The root cause is insufficient input sanitization and output escaping in the src parameter, allowing authenticated attackers with Contributor+ privileges to inject sc...
WordPress WP Shortcodes Ultimate plugin <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via src Parameter vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes Ultimate versions <= 7.3.3...
WordPress plugin Shortcodes Ultimate cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-1757
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhubportfolio' and 'pfhubportfolioportfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...
PT-2025-8687 · WordPress · Sina Extension For Elementor
Name of the Vulnerable Software and Affected Versions: The Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.6.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Fancy Text, Countdow...
WordPress Sina Extension for Elementor plugin <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes vulnerability discovered by zer0gh0st in WordPress Plugin Sina Extension for Elementor versions <= 3.6.0...
CVE-2024-6432
The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-13792
CVE-2024-13792 affects the WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress (up to v3.3.2). The root cause is improper validation of a value before do_shortcode is executed, allowing unauthenticated attackers to trigger arbitrary shortcodes. This leads to arbitrary ...
PT-2025-7371 · WordPress · Team Builder For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: The Team Builder For WPBakery Page Builder plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode due to insufficient input...
PT-2025-7353 · WordPress · Wp Wiki Tooltip
Name of the Vulnerable Software and Affected Versions: WP Wiki Tooltip plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode due to insufficient input sanitization and output escaping on user...
CVE-2025-0864
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodesset' parameter in all versions up to, and including, 1.0.6.6 due to insufficient input sanitization and output escaping. This makes ...
CVE-2024-11895
The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-13587
The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfmfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied...