WordPress Bootstrap Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Bootstrap Shortcode versions = 1.0...

CVE-2025-11822 WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-26551 WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS.This issue affects Bootstrap collapse: from n/a through = 1.0.4...

CVE-2025-26551 WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS.This issue affects Bootstrap collapse: from n/a through = 1.0.4...

WordPress Bootstrap Coach Theme < 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Bootstrap Coach Type Theme Vulnerable versions 1.1.2 Fixed in 1.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56159c2dd7f6 Credits Rafie Muhammad Patchstack Required...

WordPress Bootstrap Fitness Theme < 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Bootstrap Fitness Type Theme Vulnerable versions 1.0.6 Fixed in 1.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 151cad56de76 Credits Rafie Muhammad Patchstack Require...

WordPress Bootstrap Shortcodes Plugin <= 3.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Bootstrap Shortcodes Type Plugin Vulnerable versions = 3.4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4777 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b9c1c40bdcb0 Credits István Márton...