PT-2025-3929 · WordPress · Ticketmeo – Sell Tickets – Event Ticketing

Name of the Vulnerable Software and Affected Versions: Ticketmeo – Sell Tickets – Event Ticketing plugin for WordPress versions up to, and including, 2.3.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and outpu...

PT-2025-2179 · Pirateforms · Contact Form & Smtp Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form & SMTP Plugin for WordPress by PirateForms versions up to, and including, 2.6.0 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before running do...

CVE-2024-13527

The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVE-2025-24673

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS.This issue affects Ketchup Shortcodes: from n/a through = 0.1.2...

CVE-2025-24673 WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS.This issue affects Ketchup Shortcodes: from n/a through = 0.1.2...

CVE-2025-24673

CVE-2025-24673 covers the WordPress plugin Ketchup Shortcodes (versions up to 0.1.2). The issue is caused by the improper neutralization of script-related HTML tags , enabling Stored XSS when shortcodes are rendered. Public sources (NVD/Red Hat/Wordfence/CVEs) confirm the vulnerability affects ve...

WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Ketchup Shortcodes versions = 0.1.2...

WordPress plugin Ketchup Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-5493 · Unknown · Ketchup Shortcodes

Name of the Vulnerable Software and Affected Versions: Ketchup Shortcodes versions 0.1.2 and earlier Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Stored XSS attacks. This means an attacker can inject malicious scripts int...

CVE-2024-12477

The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2024-13499

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...

CVE-2024-13495 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipressajaxgetlogs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...

CVE-2024-13590

The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13590 Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13590 Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13590

The CVE-2024-13590 entry concerns the Ketchup Shortcodes WordPress plugin (versions up to 0.1.2) and describes a Stored Cross-Site Scripting vulnerability in the spacer shortcode caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authe...

WordPress plugin Ketchup Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-2189 · WordPress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue arises due to the software allowing users to execute an action that does not properly...

PT-2025-2225 · WordPress · Ketchup Shortcodes

Name of the Vulnerable Software and Affected Versions: Ketchup Shortcodes plugin for WordPress versions up to, and including, 0.1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode due to insufficient input sanitization and output escaping on...

CVE-2024-12508

The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofoxleadcapture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...