EUVD-2025-60959

The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from AuthorsListShortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to ca...

WordPress Booking Calendar Contact Form Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Booking Calendar Contact Form plugin suffers from a SQL injection vulnerability by adding specially crafted shortco...

DEBIAN-CVE-2015-5622

Cross-site scripting XSS vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...

CVE-2015-5622

Cross-site scripting XSS vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...

CVE-2015-5622

Cross-site scripting XSS vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...

CVE-2015-5622

CVE-2015-5622 concerns the robustness of WordPress shortcode HTML tag filtering. The patch tightened the parsing in wp-includes/kses.php and related shortcode handling, with fixes released around WordPress 4.2.x and culminating in WordPress 4.2.3. Debian advisories also note fixes for this CVE in...