79 matches found
CVE-2025-14110
The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14110
The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14114
The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14114 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14114 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14114
The CVE-2025-14114 entry concerns the 1180px Shortcodes WordPress plugin. Wordfence’s vulnerability report corroborates that a Stored Cross‑Site Scripting (XSS) flaw exists in the class shortcode attribute across all versions up to and including 1.1.1, enabling authenticated attackers with Contri...
CVE-2025-14110 WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14110 WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14110
CVE-2025-14110 — WP Js List Pages Shortcodes (WordPress) A stored XSS vulnerability exists in the WP Js List Pages Shortcodes plugin via the class shortcode attribute. Affected versions are up to and including 1.21. Exploitation requires authenticated access at Contributor level or higher. Succes...
PT-2026-1623
Name of the Vulnerable Software and Affected Versions 1180px Shortcodes plugin for WordPress versions up to and including 1.1.1 Description The 1180px Shortcodes plugin for WordPress has a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping. This affects...
WordPress plugin 1180px Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2026-1620
Name of the Vulnerable Software and Affected Versions WP Js List Pages Shortcodes plugin for WordPress versions prior to 1.22 Description The WP Js List Pages Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'class' shortcode attribute. Insufficient input...
WordPress 1180px Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin 1180px Shortcodes versions = 1.1.1...
1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
Description The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
GHSA-4FH9-H7WG-Q85M mdast-util-to-hast has unsanitized class attribute
Impact Multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. The following markdown: markdown jsxss Would create If your page then applied .xss classes or...
CVE-2025-66400 mdast-util-to-hast unsanitized class attribute
mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...
EUVD-2025-198384
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12651
The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...
CVE-2025-12651
The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...
CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...