5 matches found
EUVD-2025-25698
Malicious code in bioql PyPI...
CVE-2025-7957
The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘authorlinktarget’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-7957
The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘authorlinktarget’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-7957 ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter
The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘authorlinktarget’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-7957
The CVE-2025-7957 entry concerns the WordPress ShortcodeHub plugin (MultiPurpose Shortcode Builder). It is a Stored Cross-Site Scripting (XSS) vulnerability via the author_link_target parameter in all versions up to 1.7.1, allowing authenticated attackers with Contributor+ privileges to inject sc...