CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2026-5715 Voyage Plus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post-content' Shortcode

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2026-5715

The Voyage Plus WordPress plugin is vulnerable to Stored XSS via the class attribute of the post-content shortcode in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access can inje...

CVE-2026-5715

The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

WordPress plugin Bold Page Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-6877

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt bb raw content shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-45652

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5...

CVE-2024-2090

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

WordPress FluentCRM plugin <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'fluentcrmcontent' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Fluent CRM versions = 2.9.84...

EUVD-2021-11737

Malware in sbrugna...

EUVD-2021-11738

Malware in sbrugna...

EUVD-2023-49943

Malicious code in bioql PyPI...

EUVD-2023-12401

Malicious code in bioql PyPI...

CVE-2024-12447

The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2024-2089

The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2023-0273

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2021-24824

The field shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the...

WordPress plugin Get Post Content Shortcode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

PT-2024-17596 · WordPress · Get Post Content Shortcode

Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...

CVE-2024-2090

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...