Lucene search
K

79 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.4 views

CVE-2025-14110

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.3 views

CVE-2025-14110

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00242EPSS
Exploits0References5
NVD
NVD
added 2026/01/07 12:16 p.m.2 views

CVE-2025-14114

The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.25 views

CVE-2025-14114 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.3 views

CVE-2025-14114 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2026/01/07 9:21 a.m.18 views

CVE-2025-14114

The CVE-2025-14114 entry concerns the 1180px Shortcodes WordPress plugin. Wordfence’s vulnerability report corroborates that a Stored Cross‑Site Scripting (XSS) flaw exists in the class shortcode attribute across all versions up to and including 1.1.1, enabling authenticated attackers with Contri...

6.4CVSS4.7AI score0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/07 9:20 a.m.19 views

CVE-2025-14110 WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00242EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/07 9:20 a.m.3 views

CVE-2025-14110 WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00242EPSS
Exploits0References5
CVE
CVE
added 2026/01/07 9:20 a.m.16 views

CVE-2025-14110

CVE-2025-14110 — WP Js List Pages Shortcodes (WordPress) A stored XSS vulnerability exists in the WP Js List Pages Shortcodes plugin via the class shortcode attribute. Affected versions are up to and including 1.21. Exploitation requires authenticated access at Contributor level or higher. Succes...

6.4CVSS4.7AI score0.00242EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.7 views

PT-2026-1623

Name of the Vulnerable Software and Affected Versions 1180px Shortcodes plugin for WordPress versions up to and including 1.1.1 Description The 1180px Shortcodes plugin for WordPress has a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping. This affects...

6.4CVSS5.5AI score0.00227EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.2 views

WordPress plugin 1180px Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1620

Name of the Vulnerable Software and Affected Versions WP Js List Pages Shortcodes plugin for WordPress versions prior to 1.22 Description The WP Js List Pages Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'class' shortcode attribute. Insufficient input...

6.4CVSS5.3AI score0.00242EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/06 10:54 p.m.7 views

WordPress 1180px Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin 1180px Shortcodes versions = 1.1.1...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2026/01/06 12:0 a.m.8 views

1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute

Description The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.1AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 1:25 a.m.3 views

GHSA-4FH9-H7WG-Q85M mdast-util-to-hast has unsanitized class attribute

Impact Multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. The following markdown: markdown jsxss Would create If your page then applied .xss classes or...

6.9CVSS5.8AI score0.00251EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/01 10:17 p.m.3 views

CVE-2025-66400 mdast-util-to-hast unsanitized class attribute

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...

6.9CVSS6.5AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/21 8:28 a.m.4 views

EUVD-2025-198384

The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.10 views

CVE-2025-12651

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS4.9AI score0.00157EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 4:15 a.m.12 views

CVE-2025-12651

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

6.4CVSS0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 8:27 a.m.16 views

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS0.00176EPSS
Exploits0References2
Rows per page
Query Builder