CVE-2024-12813

The Open Hours – Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

WordPress plugin Active Products Tables for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-6810 · Woocommerce · Active Products Tables For Woocommerce

Name of the Vulnerable Software and Affected Versions: Active Products Tables for WooCommerce versions 1.0.6.6 and earlier Description: The issue is related to Reflected Cross-Site Scripting via the shortcodes set parameter due to insufficient input sanitization and output escaping. This allows...

CVE-2025-0837

The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...

PT-2025-6809 · WordPress · Puzzles

Name of the Vulnerable Software and Affected Versions: The Puzzles theme for WordPress versions up to, and including, 4.2.4 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. This...

WordPress Shortcodes Ultimate Plugin < 7.0.5 - Contributor+ Stored XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:getshortcodes:shortcodesultimate"; if description...

WordPress Shortcodes Ultimate Plugin < 7.0.4 - Contributor+ Stored XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:getshortcodes:shortcodesultimate"; if description...

PT-2025-6454 · WordPress · The Global Gallery

Name of the Vulnerable Software and Affected Versions: The Global Gallery - WordPress Responsive Gallery plugin for WordPress versions up to, and including, 9.1.5 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before...

WordPress DWT theme <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Theme DWT - Directory & Listing versions = 3.3.4...

CVE-2025-0169

The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2025-0169

CVE-2025-0169 affects the DWT - Directory & Listing WordPress Theme (versions

PT-2025-6025 · WordPress · Dwt - Directory & Listing Wordpress Theme

Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.4 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied...

CVE-2025-22677

Missing Authorization vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uix Shortcodes: from n/a through = 2.0.3...

CVE-2025-24620

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcodes: from n/a through = 1.3...

CVE-2025-22594

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hccoder Better User Shortcodes better-user-shortcodes allows Reflected XSS.This issue affects Better User Shortcodes: from n/a through = 1.0...

CVE-2022-24663

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user...

CVE-2024-52464

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anmari amr shortcodes amr-shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through = 1.7...

CVE-2024-21750

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scribit Shortcodes Finder allows Reflected XSS.This issue affects Shortcodes Finder: from n/a through 1.5.5...

CVE-2024-30558

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Simpson Add Shortcodes Actions And Filters allows Reflected XSS.This issue affects Add Shortcodes Actions And Filters: from n/a through 2.10...

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...