6 matches found
CVE-2026-14343 Download Manager <= 3.3.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'notebefore' and 'noteafter' Shortcode Attributes in all versions up to, and including, 3.3.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-7509
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2026-4871
The Sports Club Management WordPress plugin (affected: versions up to and including 1.12.9) is vulnerable to Stored Cross-Site Scripting via the scm_member_data shortcode’s before/after attributes. Root cause: insufficient input sanitization and output escaping, enabling authenticated attackers w...
CVE-2026-1097
The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1097 ThemeRuby Multi Authors <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes
The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1097 ThemeRuby Multi Authors <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes
The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it...