641 matches found
CVE-2024-54436
Cross-Site Request Forgery (CSRF) vulnerability in milordk Jet Footer Code jet-footer-code allows Stored XSS. This issue affects Jet Footer Code: from n/a through <= 1.4...
CVE-2024-13403 WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...
CVE-2024-11780
The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13661
The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditorvtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-2184 · WordPress · Atakan Au Automatically Hierarchic Categories In Menu
Name of the Vulnerable Software and Affected Versions: Automatically Hierarchic Categories in Menu plugin for WordPress versions up to, and including, 2.0.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode due to insufficient input...
PT-2025-1853 · WordPress · Html5 Chat Plugin
Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...
CVE-2025-0804
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it...
PT-2025-2217 · WordPress · Abc Notation
Name of the Vulnerable Software and Affected Versions: ABC Notation plugin for WordPress versions up to, and including, 6.1.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-1886 · WordPress · Brodos.Net Onlineshop Plugin
Name of the Vulnerable Software and Affected Versions: brodos.net Onlineshop Plugin plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode due to insufficient input sanitization and...
CVE-2024-13389
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakesinputemail' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-23659
Cross-Site Request Forgery (CSRF) vulnerability in hernanjh MercadoLibre Integration mercadolibre-integration allows Stored XSS. This issue affects MercadoLibre Integration: from n/a through <= 1.1...
CVE-2025-23872 WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in payform PayForm payform allows Stored XSS. This issue affects PayForm: from n/a through <= 2.0...
PT-2025-5156 · Unknown · Copyright Safeguard Footer Notice
Name of the Vulnerable Software and Affected Versions: Copyright Safeguard Footer Notice versions prior to 3.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on...
PT-2025-4944 · Intuitive Design · Intuitive Design Gdreseller
Name of the Vulnerable Software and Affected Versions: Intuitive Design GDReseller versions prior to 1.6 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web applicatio...
PT-2025-5044 · Kapost · Kapost
Name of the Vulnerable Software and Affected Versions: Kapost versions n/a through 2.2.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge and can also injec...
PT-2025-4915 · WordPress · Wordpress Logging Service
Name of the Vulnerable Software and Affected Versions: WordPress Logging Service versions 1.5.4 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a...
PT-2025-4681 · Olaf Lederer · Wp Ajax Contact Form
Name of the Vulnerable Software and Affected Versions: Olaf Lederer Ajax Contact Form versions 1.2.5.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This means an attacke...
WordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Zephyr Admin Theme versions <= 1.4.1...
WordPress NAVER Analytics plugin <= 0.9 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by 渡辺康介 (Patchstack Alliance) in WordPress Plugin NAVER Analytics versions <= 0.9...
CVE-2024-11607
The GTPayment Donations WordPress plugin through 1.0.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...