EUVD-2025-198425

The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageheight' and 'imagewidth' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-12661 Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

PT-2025-47677

The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image height' and 'image width' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress Code Snippets plugin code injection vulnerability

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

PT-2025-47685

The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' shortcode attribute of the 'audiotube' shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2025-47679

The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'phrases' shortcode attribute in all versions up to, and including, 2.12.2015. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2025-47683

The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'asin' shortcode attribute in the affiai img shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress HT Mega – Absolute Addons For Elementor plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Tag Attribute Injection vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin HT Mega versions = 3.0.0...

GHSA-6QV9-48XG-FC7F LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates

Context A template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings not just template variables in ChatPromptTemplate...

LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates

Context A template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings not just template variables in ChatPromptTemplate...

CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVE-2025-12691

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

CVE-2025-12878

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

CVE-2025-13081

The CVE-2025-13081 entry describes an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal core that enables Object Injection. Affected Drupal core versions span: 8.0.0–before 10.4.9, 10.5.0–before 10.5.6, 11.0.0–before 11.1.9, and 11.2.0–before 1...

CVE-2025-6670

Summary: CVE-2025-6670 describes a CSRF vulnerability in multiple WSO2 products due to using HTTP GET for state-changing admin service operations in the Carbon console event processor. Despite SameSite=Lax mitigation, the cookie attribute is ineffective for cross-origin top-level navigations, all...

CVE-2025-12691 Photonic Gallery & Lightbox for Flickr, SmugMug & Others <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

CVE-2025-12691

The CVE-2025-12691 entry concerns the Photonic Gallery & Lightbox for Flickr, SmugMug & Others WordPress plugin (versions &lt;= 3.21). The connected Wordfence report confirms a stored cross-site scripting flaw in the lightbox caption attribute, exploitable by authenticated users with contributor+...

WordPress Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Caption Attribute vulnerability discovered by Webbernaut in WordPress Plugin Photonic Gallery & Lightbox for Flickr, SmugMug & Others versions = 3.21...

Drupal 8.0.x < 10.4.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...

Drupal 11.0.x < 11.1.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...