121 matches found
CVE-2025-10194
The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2024-46940
Malicious code in bioql PyPI...
EUVD-2025-2836
Malicious code in bioql PyPI...
EUVD-2024-47088
Malicious code in bioql PyPI...
CVE-2025-9849
The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8618 WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosqbtn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-22558
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...
CVE-2024-3888
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin WordPress Simple Shopping Cart 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2025-3077
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Betheme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-7325 · WordPress · Umich Oidc Login
Name of the Vulnerable Software and Affected Versions: UMich OIDC Login plugin for WordPress versions up to, and including, 1.2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'umich oidc button' shortcode due to insufficient input sanitization and output...
CVE-2024-13548 Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-22558
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...
CVE-2025-22558 WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...
CVE-2025-22558
CVE-2025-22558 affects the WordPress plugin mcjh button shortcode . The vulnerability is described as an stored Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation, impacting the mcjh button shortcode from version n/a up to 1.6.4. The CVSS metrics in the ...
WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin mcjh button shortcode versions = 1.6.4...
PT-2025-4549 · Unknown · Mcjh Button Shortcode
Name of the Vulnerable Software and Affected Versions: mcjh button shortcode versions 1.6.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...
WordPress plugin mcjh button shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-17677 · WordPress · Wordpress Simple Shopping Cart
Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to and including 5.0.7 Description: The issue is related to stored Cross-Site Scripting XSS due to insufficient input sanitization and output escaping on user-supplied attributes. This allows...